The Lazarus group, based in North Korea, has planted six malicious packages on npm that target developers and users of digital currencies. According to the Socket research team, these packages, downloaded over 300 times, are designed to steal login information, install backdoors, and extract sensitive data from wallets associated with Solana or Exodus. The malware specifically targets browser profiles and scans files from Chrome, Brave, and Firefox. The identified packages deceive developers through typosquatting. Lazarus has previously used supply chain attacks via npm, GitHub, and PyPI to infiltrate networks. Recently, the group was involved in stealing $1.5 billion from the Bybit exchange. Cybersecurity experts emphasize that the group’s tactics align with its previous campaigns.
Lazarus Group launches new cyberattacks on digital currency users' wallets. Experts warn of tactics similar to its previous campaigns.