Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
Summary
Researchers from ReversingLabs have uncovered a fake recruitment campaign, linked to North Korea's Lazarus Group, that targets developers through malicious npm and PyPI packages. The ongoing operation uses social engineering to get developers to install and run attacker-controlled code from public package registries, turning a routine dependency install into a software supply chain compromise.
Key Insights
What are npm and PyPI?
npm is the package manager for JavaScript/Node.js, and PyPI is the Python Package Index, both public repositories where developers share and download reusable code libraries to build software efficiently.[1][3][5]
How does the Lazarus Group's fake recruiter campaign deliver malware?
Attackers pose as recruiters on LinkedIn, Reddit, and Facebook and direct developers to GitHub repositories containing fake job interview tasks written in Python or JavaScript. The repositories look like ordinary coding tests, but they declare dependencies on malicious npm or PyPI packages; when the candidate installs the dependencies and runs the task, those packages install a remote access trojan (RAT) on the developer's machine.[1][3][6]
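The practical defence for a developer handed such a "coding task" is to inspect the project's dependency manifests before running any install or test command. The script below is an added example, not code from ReversingLabs or from the campaign described above. It audits a constructed package.json and requirements.txt embedded inline (the package names helper-utils-lib, config-loader and some-helper and the host example.invalid are hypothetical placeholders) and flags three things a reviewer would want to know before typing npm install or pip install: npm lifecycle scripts that execute automatically at install time, dependencies fetched from outside the public registry (git or HTTP URLs), and dependency names that are not on a small allowlist of packages the reader already trusts.

```python
"""Pre-install triage of a recruiter-supplied project (added example, not from the original page)."""
import json
import re

# Constructed sample manifests standing in for a fake "interview task" repo.
# helper-utils-lib, config-loader, some-helper and example.invalid are hypothetical.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "interview-task",
    "version": "1.0.0",
    "scripts": {
        "test": "node test.js",
        "postinstall": "node scripts/setup.js",  # runs automatically during npm install
    },
    "dependencies": {
        "express": "^4.18.2",
        "helper-utils-lib": "1.0.3",
        "config-loader": "git+https://example.invalid/loader.git",
    },
})

SAMPLE_REQUIREMENTS_TXT = """\
requests==2.31.0
flask>=2.0
-e git+https://example.invalid/some-helper.git#egg=some_helper
helper_utils_lib==0.9.1
"""

# npm runs these script names without being asked to during `npm install`.
NPM_LIFECYCLE_SCRIPTS = {"preinstall", "install", "postinstall", "prepare", "prepublish"}

# Deliberately small allowlists; a real deployment would use the team's own list.
KNOWN_NPM = {"express", "lodash", "react"}
KNOWN_PYPI = {"requests", "flask", "numpy"}

# npm dependency specs that bypass the registry entirely.
NON_REGISTRY_SPEC = re.compile(r"^(git\+|https?://|file:|github:)")


def audit_package_json(text):
    """Return a list of human-readable findings for an npm manifest."""
    findings = []
    manifest = json.loads(text)
    for name, cmd in manifest.get("scripts", {}).items():
        if name in NPM_LIFECYCLE_SCRIPTS:
            findings.append(f"lifecycle script '{name}' runs on install: {cmd}")
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for dep, spec in manifest.get(section, {}).items():
            if NON_REGISTRY_SPEC.match(spec):
                findings.append(f"{section}: '{dep}' resolved outside the registry: {spec}")
            if dep not in KNOWN_NPM:
                findings.append(f"{section}: '{dep}' not in allowlist; verify on npmjs.com first")
    return findings


def normalize_pypi_name(name):
    """PEP 503 normalisation: lowercase, runs of '-', '_' and '.' collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name.lower())


def audit_requirements(text):
    """Return a list of human-readable findings for a pip requirements file."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Editable/VCS installs and PEP 508 URL requirements skip the index.
        if line.startswith("-e") or "://" in line:
            findings.append(f"requirement resolved outside the index: {line}")
            continue
        name = normalize_pypi_name(re.split(r"[=<>!~\[; ]", line, maxsplit=1)[0])
        if name not in KNOWN_PYPI:
            findings.append(f"requirement '{name}' not in allowlist; verify on pypi.org first")
    return findings


def triage(package_json_text, requirements_text):
    """Audit both manifests and report whether anything needs a human look."""
    report = {
        "npm": audit_package_json(package_json_text),
        "pypi": audit_requirements(requirements_text),
    }
    report["safe_to_install"] = not (report["npm"] or report["pypi"])
    return report


if __name__ == "__main__":
    for ecosystem, items in triage(SAMPLE_PACKAGE_JSON, SAMPLE_REQUIREMENTS_TXT).items():
        print(ecosystem, items)
```

Run against the constructed manifests, the script reports the postinstall hook, the two git-sourced dependencies and the two unrecognised package names, and sets safe_to_install to False. An empty finding list is not proof of safety, only the absence of the cheap red flags; the allowlist check in particular is only as good as the list behind it, and a package name that does pass it should still be checked on the registry for age, maintainer and download history before the task is run.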