North Korean state-backed hacking operation Lazarus Group, also tracked as TraderTraitor and Jade Sleet, has used malicious NPM package dependencies and repository invitations in limited social engineering attacks against cybersecurity, cryptocurrency, blockchain, and online gambling developers on GitHub, BleepingComputer reports.
Attackers impersonating GitHub developers and recruiters have been luring targets into collaborating on projects that pull in malicious NPM dependencies, which are used to distribute malware, GitHub said in a security alert. All GitHub and NPM accounts tied to the campaign have been suspended, and GitHub emphasized that the attacks have not impacted any GitHub or NPM systems. Malicious NPM packages used as malware downloaders were first detailed in a Phylum study last month.
"This attack in particular stands out due to its unique execution chain requirements: a specific installation order of two distinct packages on the same machine. Moreover, the presumed malicious components are kept out of sight, stored on their servers, and are dynamically dispatched during execution," said Phylum researchers.
New Lazarus social engineering campaign targets developers