Lazarus Infects New Batch of JavaScript Packages With Crypto Stealing Malware
The North Korean hacking group Lazarus has been linked to six new malicious npm packages aimed at stealing cryptocurrency credentials. The packages use typosquatting to trick developers into installing them, and they target browsers such as Google Chrome, Brave, and Firefox, as well as macOS keychain data. They aim to extract sensitive information from popular wallets such as MetaMask and Exodus. The attack strategy reflects Lazarus's previous operations, as noted by cybersecurity experts. The packages have been downloaded over 330 times, and efforts are being made to report and remove them. This incident is part of a broader trend of attacks in the cryptocurrency realm, with Lazarus previously linked to significant hacks, including a recent $1.4 billion hack on crypto exchange Bybit. Cybersecurity analysts emphasize that definitively attributing these attacks to Lazarus is challenging because of the complexities involved in cyber attribution.