Lazarus Strikes npm Again with New Wave of Malicious Packages
Referenced by
The six new packages — collectively downloaded over 330 times — closely mimic the names of widely trusted libraries, employing a well-known typosquatting tactic used by Lazarus-linked threat actors to deceive developers.
Crypto news
Quote
The Socket Research Team announced it has uncovered 6 new malicious npm packages linked to North Korea’s Lazarus group.
Crypto news
News story
Additionally, the APT group created and maintained GitHub repositories for five of the malicious packages, lending an appearance of open source legitimacy and increasing the likelihood of the harmful code being integrated into developer workflows.
Crypto news
Quote