Security researchers have uncovered malicious code in NPM packages and GitHub commits that has been linked to the Lazarus Group, a North Korean state-sponsored threat actor. The group is targeting software and Web3 developers with malware designed to be "undetectable": heavily obfuscated JavaScript implants planted in GitHub repositories and NPM packages and hidden among legitimate code, so that a developer who installs or clones the project runs the implant without noticing it. The campaign has been named Marstech Mayhem and the implant Marstech1. Because it travels inside dependencies that cryptocurrency developers and Web3 projects pull in, it reaches a wide pool of victims; its goal is to intercept transactions from MetaMask, Exodus, and Atomic wallets. So far, over 200 victims have been confirmed across the US, Europe, and Asia. Organizations and developers are advised to treat third-party code as untrusted: review new dependencies and any install-time scripts they declare before adopting them, pin versions with lockfiles so that a later poisoned release is not picked up silently, and follow threat intelligence on the campaign so that newly identified packages and commits can be checked against what is already in use.
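The vector described above, a JavaScript implant smuggled into an NPM package where an install hook can run it unprompted, is the kind of thing a pre-install audit can catch heuristically. The following is an added example written for this page; it is not code from the campaign, from the researchers who reported it, or from any project named above. The indicator regexes, their weights, the threshold and the two sample packages are all assumptions constructed for illustration, not published indicators of compromise for Marstech1.

```javascript
'use strict';

// Lifecycle hooks that npm runs automatically during install. Any command in
// these runs with the developer's privileges before anyone reads the code.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Weighted heuristics (assumed for this example). Each alone is common in
// legitimate code; the combination, especially beside an install hook, is
// what gets scored. Wallet names come from the campaign description above.
const INDICATORS = [
  { name: 'eval-call',         weight: 3, re: /\beval\s*\(/ },
  { name: 'function-ctor',     weight: 3, re: /\bnew\s+Function\s*\(/ },
  { name: 'fromCharCode',      weight: 2, re: /String\.fromCharCode/ },
  { name: 'base64-decode',     weight: 2, re: /Buffer\.from\([^)]*['"]base64['"]\s*\)|\batob\s*\(/ },
  { name: 'long-encoded-blob', weight: 3, re: /['"][A-Za-z0-9+\/=]{200,}['"]|(?:\\x[0-9a-fA-F]{2}){20,}/ },
  { name: 'wallet-reference',  weight: 4, re: /\b(?:metamask|exodus|atomic)\b/i },
  { name: 'spawn-or-network',  weight: 2, re: /require\(['"](?:child_process|https?|net|dns)['"]\)/ },
];

// Return the install-time hooks a package.json declares, with their commands.
function findLifecycleScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return LIFECYCLE_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({ hook, command: scripts[hook] }));
}

// Score one source file: sum of weights of the indicators it matches.
function scoreSource(code) {
  const hits = INDICATORS.filter((ind) => ind.re.test(code));
  return {
    score: hits.reduce((sum, ind) => sum + ind.weight, 0),
    indicators: hits.map((ind) => ind.name),
  };
}

// Audit a package: `pkg` is the parsed package.json, `files` maps relative
// paths to source text. An install hook halves the threshold, because code
// that runs unprompted deserves less benefit of the doubt.
function auditPackage(pkg, files, threshold = 6) {
  const hooks = findLifecycleScripts(pkg);
  const findings = [];
  for (const [path, code] of Object.entries(files)) {
    const { score, indicators } = scoreSource(code);
    if (indicators.length > 0) findings.push({ path, score, indicators });
  }
  const maxScore = findings.reduce((m, f) => Math.max(m, f.score), 0);
  const suspicious = maxScore >= threshold || (hooks.length > 0 && maxScore >= threshold / 2);
  return { suspicious, hooks, findings, maxScore };
}

// Constructed sample packages for the demo (not real published packages).
const BENIGN_PKG = { name: 'pad-left-ish', version: '1.0.0', scripts: { test: 'node test.js' } };
const BENIGN_FILES = {
  'index.js': "module.exports = (s, n, c = ' ') => String(s).padStart(n, c);\n",
};

// The "payload" is only base64 of console.log('hello'); it is the decode-then-
// eval pattern next to wallet names and a postinstall hook that gets flagged.
const SUSPICIOUS_PKG = { name: 'web3-utils-helper', version: '2.1.3', scripts: { postinstall: 'node lib/setup.js' } };
const SUSPICIOUS_FILES = {
  'index.js': "module.exports = { add: (a, b) => a + b };\n",
  'lib/setup.js': [
    "const os = require('os');",
    "const path = require('path');",
    "const wallets = ['MetaMask', 'Exodus', 'atomic'].map(w => path.join(os.homedir(), w));",
    "eval(Buffer.from('Y29uc29sZS5sb2coJ2hlbGxvJyk=', 'base64').toString());",
  ].join('\n'),
};

for (const [pkg, files] of [[BENIGN_PKG, BENIGN_FILES], [SUSPICIOUS_PKG, SUSPICIOUS_FILES]]) {
  const result = auditPackage(pkg, files);
  console.log(pkg.name, result.suspicious ? 'SUSPICIOUS' : 'ok', JSON.stringify(result));
}
```

In practice the files map would be built by walking the extracted tarball from `npm pack` (or the cloned repository) before anything is installed, so that no lifecycle script runs first. The heuristics produce false positives on minified or bundled code; the point is to surface what a human then reads, not to replace the review.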