Summary: The Lazarus Group, a North Korean threat actor, has been linked to a new JavaScript implant named Marstech1, which targets developers through compromised GitHub repositories. The implant poses significant supply chain risks by collecting system information and altering browser extension settings, particularly for cryptocurrency wallets. The ongoing operation has affected 233 confirmed victims across multiple regions, with evidence suggesting active development and evolving tactics to evade detection.
Affected: Developers and organizations in the cryptocurrency sector
Key points:
- Marstech1 was delivered via a now-defunct GitHub profile and is designed to collect sensitive system information.
- The implant targets cryptocurrency wallets, including MetaMask, Exodus, and Atomic, across multiple operating systems.
- The ongoing campaign may involve North Korean IT workers posing as legitimate employees, implicating organizations in potential violations of international sanctions.
Source: https://thehackernews.com/2025/02/lazarus-group-deploys-marstech1.html