The North Korean state-sponsored threat actor known as Lazarus Group is now running a campaign targeting software and Web3 developers with “undetectable” malware. MSN reports:
Cybersecurity researchers at STRIKE from SecurityScorecard said they observed malware being embedded into GitHub repositories and NPM packages, where unsuspecting developers pick them up and integrate them into their own projects.
The researchers said they saw the SuccessFriend GitHub profile, known to be linked to Lazarus, injecting JavaScript implants into GitHub repositories, where they blend in with legitimate code. To make matters worse, the profile has also committed benign code, to better hide its malicious intent.
The malware is being distributed inside NPM packages, STRIKE says, which are “widely used” by cryptocurrency developers and Web3 projects.
Read more at MSN.