Report: Lazarus Group Exploits Github, NPM Packages in Cryptocurrency Malware Campaign
A state-aligned cyber collective from North Korea has compromised Github repositories and NPM modules with stealthy malicious code to pilfer digital currencies, per a Securityscorecard STRIKE Team analysis.
Security Researchers Warn of Rising Open-Source Malware Attacks Linked to Lazarus Group
As detailed by a Computing.co.uk report, the Lazarus Group injected harmful Javascript into Github projects under the pseudonym “Successfriend,” while subverting NPM tools relied on by blockchain engineers. Codenamed “Operation Marstech Mayhem,” the initiative exploits weaknesses in software supply chains to disseminate the Marstech1 malware, designed to infiltrate wallets such as Metamask, Exodus, and Atomic.
Marstech1 combs infected devices for cryptocurrency wallets, then manipulates browser settings to clandestinely redirect transactions. By disguising itself as benign system activity, the code evades security scans, allowing persistent data extraction. Computing.co.uk says this represents 2025’s second significant Github-based breach, mirroring January 2025 incidents where attackers weaponized the platform’s reach to propagate malicious software.
The report further notes that Securityscorecard verified 233 compromised entities spanning the U.S., Europe, and Asia, with Lazarus-linked scripts operational since July 2024—a year witnessing a threefold jump in open-source malware incidents. Parallel strategies emerged in January 2025, when counterfeit Python libraries masquerading as Deepseek AI utilities were purged from PyPI for harvesting developer logins.
Analysts caution that such incursions may proliferate significantly in 2025, fueled by open-source ubiquity and intertwined development pipelines. Computing.co.uk explains that a Security Week article referenced the World Economic Forum’s (WEF) recent classification of supply chain vulnerabilities as a premier cybersecurity threat.
Lazarus’ newest endeavor epitomizes the advanced tactics of government-sponsored digital espionage aimed at vital tech frameworks. Computing.co.uk notes global entities are advised to scrutinize third-party code integrations and fortify review mechanisms to counter these threats.
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
New spot margin trading pair — HOLO/USDT!
FUN drops by 32.34% within 24 hours as it faces a steep short-term downturn
- FUN plunged 32.34% in 24 hours to $0.008938, marking a 541.8% monthly loss amid prolonged bearish trends. - Technical breakdowns, elevated selling pressure, and forced liquidations highlight deteriorating market sentiment and risk-off behavior. - Analysts identify key support below $0.0080 as critical, with bearish momentum confirmed by RSI (<30) and MACD indicators. - A trend-following backtest strategy proposes short positions based on technical signals to capitalize on extended downward trajectories.
OPEN has dropped by 189.51% within 24 hours during a significant market pullback
- OPEN's price plummeted 189.51% in 24 hours to $0.8907, marking its largest intraday decline in history. - The token fell 3793.63% over 7 days, matching identical monthly and yearly declines, signaling severe bearish momentum. - Technical analysts cite broken support levels and lack of bullish catalysts as key drivers of the sustained sell-off. - Absence of stabilizing volume or reversal patterns leaves the market vulnerable to further downward pressure.
New spot margin trading pair — LINEA/USDT!
Trending news
MoreCrypto prices
More
