Lazarus Uses Fake npm Packages to Attack

March 12, 2025

The Lazarus Group, a notorious North Korean hacking collective, has been linked to a recent attack involving malicious npm packages. The six malicious packages, which were downloaded approximately 330 times, were designed to steal sensitive information, including account credentials and cryptocurrency data. The group used typosquatting to trick developers into downloading packages that appeared legitimate but were, in fact, malicious. Through these packages, the Lazarus Group was able to plant malware and backdoors on the systems where they were installed.

The six malicious packages identified included names such as “is-buffer-validator,” “yoojae-validator,” and “auth-validator,” all mimicking popular libraries.

These packages, once installed, would steal login credentials, extract data from browsers, and target cryptocurrency wallets. The malware was designed to specifically harvest wallet files like “id.json” from Solana and “exodus.wallet” from Exodus. In addition to credential theft, the packages installed backdoors, allowing Lazarus Group to maintain long-term access to the infected systems and networks.

This attack highlights the risk developers face when using open-source repositories like npm, which are often trusted without thorough verification. The malicious code inside these packages was designed to extract sensitive information from browsers and system environments. It targeted not only login data but also API keys, system credentials, and even stored cryptocurrency wallet information.

The Lazarus Group’s focus on stealing crypto data is consistent with North Korea’s history of cybercrime, often motivated by financial gain to fund state-backed activities.

Although GitHub has removed the identified malicious packages, the risk remains as Lazarus Group may continue to use similar tactics in future campaigns. To protect against such attacks, developers and organizations must adopt robust security practices. Verifying package sources, checking the reputation of the publisher, and closely examining code for anomalies are key steps in mitigating the threat. This attack serves as a reminder of the importance of scrutinizing third-party code in open-source environments to safeguard both individual and organizational data.
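As an added illustration of the checks described above (not code from the original report), the following Node.js sketch audits a `package-lock.json` for the three package names quoted in this alert, for dependency names that are near-misspellings of packages the project actually uses, and for packages that declare install scripts. The `WATCHLIST`, the sample lockfile, its versions, and the names `lodahs` and `native-helper` are constructed for the example.

```javascript
// Added example: audit an npm lockfile (lockfileVersion 2/3) for the package
// names reported in this alert and for look-alike dependency names.
const KNOWN_BAD = new Set(['is-buffer-validator', 'yoojae-validator', 'auth-validator']);
// Assumption: names this project legitimately depends on (edit to match yours).
const WATCHLIST = ['express', 'lodash', 'chalk'];

// Levenshtein distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf('node_modules/');
    if (i < 0) continue; // root project or workspace entry, not an installed dependency
    const name = path.slice(i + 'node_modules/'.length);
    const hit = (reason) => findings.push({ name, version: meta.version, reason });
    const near = WATCHLIST.find((w) => editDistance(w, name) <= 2);
    if (KNOWN_BAD.has(name)) hit('reported-malicious');
    else if (!WATCHLIST.includes(name) && near) hit(`look-alike of ${near}`);
    else if (meta.hasInstallScript) hit('install-script'); // runs code at install time
  }
  return findings;
}

// Constructed sample; for a real project use
// JSON.parse(require('fs').readFileSync('package-lock.json', 'utf8')).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/lodash': { version: '4.17.21' },
    'node_modules/auth-validator': { version: '0.0.0' },   // name from the alert
    'node_modules/lodahs': { version: '0.0.1' },           // constructed look-alike
    'node_modules/native-helper': { version: '2.0.0', hasInstallScript: true },
  },
};
console.log(auditLockfile(sampleLock));
```

An install-script finding is a prompt for manual review rather than proof of malice, since many legitimate packages build native code at install time.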

Reference:
  • Lazarus Group Uses Fake npm Packages to Steal Crypto and Deploy Backdoors