Lazarus Hackers Launch New Attack via GitHub

Attackers from the North Korean hacker group Lazarus have published six infected npm packages on the GitHub platform that are capable of stealing keys to crypto wallets, among other things. This was reported by Socket specialists.

According to experts, the attackers tried to pass off the infected code as popular libraries that are often downloaded from the platform. The hackers hope that developers will use the compromised files and embed the malicious code in their products. Special repositories were created for five of the packages to add credibility to the scheme.

Socket noted that the code is capable of extracting cryptocurrency-related data, in particular confidential information from Solana and Exodus wallets. The attack targets Google Chrome, Brave, and Firefox files, as well as data from the Keychain storage in macOS.

“It is difficult to determine whether this attack is related to Lazarus or a copycat. However, the tactics, methods, and procedures (TTP) observed in this npm attack are closely related to known Lazarus operations, which have been well-documented by researchers from Unit42, eSentire, DataDog, Phylum, and others since 2022,” wrote Kirill Boychenko, a threat intelligence analyst at Socket.

The problematic files were downloaded more than 330 times. Experts called for the malicious repositories to be removed.

Recall that Bybit called on the ParaSwap DAO to return 44.67 wETH (~$100,000) earned in fees from Lazarus transactions.