Half a dozen typosquatted npm packages have been leveraged by North Korean hacking collective Lazarus Group to facilitate data compromise in a new developer-targeted attack campaign, reports Hackread.
Aside from exfiltrating system information, all of the malicious packages, which impersonated widely used utilities and libraries and amassed almost 330 downloads before being removed from the npm software repository, also enabled credential and cryptocurrency asset theft by targeting browser profiles and Solana and Exodus wallet files, respectively, according to an analysis from the Socket Research Team.
Attacks also allowed the delivery of the InvisibleFerret backdoor and other malicious payloads, said Socket researchers.
Such findings are indicative of threat actors' increased exploitation of npm packages due to developers' excessive trust in open-source repositories, said SOCRadar Chief Security Officer Ensar Seker, who warned that Lazarus Group's attack could permit lateral movement to compromise other organizations.