Summary: Six malicious npm packages linked to the North Korean hacking group Lazarus have been discovered, designed to steal credentials and extract sensitive information. These packages, which have been downloaded 330 times, employ typosquatting tactics to mislead developers into installing them. Their malicious capabilities include the installation of backdoors and targeted cryptocurrency wallet thefts.
Affected: npm (Node package manager)
Keypoints:
- Packages like is-buffer-validator and react-event-dependency masquerade as legitimate libraries to deceive developers.
- The malware targets cryptocurrency wallets and browser credentials from Chrome, Brave, and Firefox for extraction.
- All six packages are still active and available on npm and GitHub, posing ongoing threats to developers.
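
One way to check a project for the two packages named above, as an added example that is not part of the original summary: it walks a parsed npm lockfile (the flat `packages` map of lockfile versions 2 and 3, or the nested `dependencies` tree of version 1) so transitive installs are caught as well as direct ones. The function names, the sample lockfiles and their version numbers are constructed for illustration; the other four package names are not given on this page, so the list holds only two.

```javascript
// Names taken from this summary; extend the set once the full list is known.
const FLAGGED = new Set(["is-buffer-validator", "react-event-dependency"]);

// Package name from a v2/v3 "packages" key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b". The root key "" gives null.
function nameFromPath(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Returns [{name, version, path}] for every flagged package, direct or transitive.
function findFlaggedPackages(lock, flagged = FLAGGED) {
  const hits = [];
  // lockfileVersion 2 and 3: flat map keyed by install path. An explicit
  // "name" field (present for aliased installs) takes priority over the path.
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    const name = (meta && meta.name) || nameFromPath(key);
    if (name && flagged.has(name)) {
      hits.push({ name, version: meta.version || null, path: key });
    }
  }
  // lockfileVersion 1: nested tree. Skipped when "packages" exists so the
  // compatibility copy in a v2 lockfile is not counted twice.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail.concat(name).join(" > ");
      if (flagged.has(name)) hits.push({ name, version: meta.version || null, path });
      walk(meta.dependencies, trail.concat(name));
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (not real project data).
const SAMPLE_LOCK_V3 = { name: "demo-app", lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/is-buffer": { version: "2.0.5" },
  "node_modules/some-lib": { version: "1.2.0" },
  "node_modules/some-lib/node_modules/is-buffer-validator": { version: "0.0.1" },
} };
const SAMPLE_LOCK_V1 = { lockfileVersion: 1, dependencies: {
  react: { version: "18.2.0" },
  "ui-kit": { version: "3.0.0",
    dependencies: { "react-event-dependency": { version: "0.0.2" } } },
} };

console.log(findFlaggedPackages(SAMPLE_LOCK_V3), findFlaggedPackages(SAMPLE_LOCK_V1));
```

To scan a real project, pass the result of `JSON.parse` on its `package-lock.json` to `findFlaggedPackages`.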