Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
North Korean threat actors have expanded their presence in the npm ecosystem, publishing additional malicious packages that deliver the BeaverTail malware and introduce new remote access trojan loader functionality. The campaign, known as Contagious Interview, aims to compromise developer systems, steal sensitive data, and maintain access to compromised environments. The actors have created new npm accounts and deployed malicious code across npm, GitHub, and Bitbucket. The expanded campaign includes 11 new packages with over 5,600 downloads, using hexadecimal string encoding to evade detection. The malware targets browser data, macOS keychain, and cryptocurrency wallets. The threat actors are diversifying their tactics, using multiple malware variants and obfuscation techniques to ensure resilience and evade detection.
OPENCTI LABELS :
north korea,cryptocurrency,beavertail,invisibleferret
Open in NetmanageIT OpenCTI Public Instance with below link!
Use public read only username and password on login page.
NOTE : Use Public READ only user credentials on login page banner.
Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads