Lazarus Expands NPM Campaign With Trojan Loaders
bankinfosecurity
North Korea's Lazarus Deploys Malicious NPM Packages to Steal Data
Prajeet Nair (@prajeetspeaks) • April 7, 2025

North Korea's Lazarus Group expanded its campaign of uploading malicious code to the NPM repository for the JavaScript runtime environment, publishing 11 new packages embedded with Trojan loaders.
Researchers from security firm Socket said Friday that they identified 11 malicious packages in the repository - a hotspot for supply chain attacks - that deliver the "BeaverTail" infostealer (see: Breach Roundup: Malicious NPM Packages Maintain Persistence Even if Initial Malware Is Uninstalled).
BeaverTail targets browser data, macOS keychain and cryptocurrency wallets. It includes functionality to extract private keys from the Solana blockchain id.json file. North Korean hackers uniquely pillage blockchains for their government, which uses stolen crypto to obtain hard currency and fund weapons of mass ...