According to analysis by the SecurityScorecard STRIKE team, state-aligned cyber groups from North Korea have breached GitHub repositories and NPM modules with stealthy malicious code in order to steal digital currency.
Security researchers warn of rising open source malware attacks linked to the Lazarus Group
As detailed in the Computing.co.uk report, Lazarus Group injected harmful JavaScript into its GitHub projects under the pseudonym “Success Friend” and also compromised NPM tools that blockchain engineers rely on. The campaign, codenamed “Marstech Mayhem Operation”, exploits weaknesses in the software supply chain to spread the Marstech1 malware, which is designed to penetrate wallets such as MetaMask, Exodus, and Atomic.
Marstech1 combs infected devices for cryptocurrency wallets and manipulates browser settings to secretly redirect transactions. By disguising itself as benign system activity, the code avoids security scans and allows for persistent data extraction. According to Computing.co.uk, this is the second major GitHub-based incident of 2025, mirroring one in January 2025 in which attackers weaponized the platform’s reach to propagate malicious software.
The report further notes that SecurityScorecard has identified 233 compromised entities across the US, Europe and Asia, confirming that Lazarus-related scripts have been in operation since July 2024. A parallel strategy was seen in January 2025, when a fake Python library disguised as a DeepSeek AI utility, built to harvest developer logins, was removed from PyPI.
Analysts warn that such intrusions could proliferate significantly in 2025, driven by development pipelines that are deeply intertwined with ubiquitous open source code. Computing.co.uk notes that a SecurityWeek article refers to the recent classification of supply chain vulnerabilities as the top cybersecurity threat.
Lazarus’ latest efforts reflect the sophisticated tactics of government-sponsored digital espionage targeting critical technical frameworks. Computing.co.uk notes that global entities are advised to scrutinize third-party code integrations and strengthen review mechanisms to combat these threats.