The six new packages — collectively downloaded over 330 times — closely mimic the names of widely trusted libraries, employing a well-known typosquatting tactic used by Lazarus-linked threat actors to deceive developers

Quote

Name

Description

Types

Quote

Authors

Kirill Boychenko

Related projects

Lazarus Group

Sources

Lazarus Strikes npm Again with New Wave of Malicious Packages

Referenced by

The attack by the Lazarus Group on npm, uncovered by the Socket Research Team, leveraged typosquatting techniques, mimicking trusted JavaScript libraries. This tactic deceived developers into unknowingly downloading malicious packages, leading to the installation of malware.

Crypto news

Claim

The attack by the Lazarus Group, uncovered by the Socket Research Team, affected at least 330 developers who unknowingly downloaded the malicious npm packages before they were identified and reported

Crypto news

Claim

​

Referenced by

The attack by the Lazarus Group on npm, uncovered by the Socket Research Team, leveraged typosquatting techniques, mimicking trusted JavaScript libraries. This tactic deceived developers into unknowingly downloading malicious packages, leading to the installation of malware.

The attack by the Lazarus Group, uncovered by the Socket Research Team, affected at least 330 developers who unknowingly downloaded the malicious npm packages before they were identified and reported