The Socket Research Team announced it has uncovered 6 new malicious npm packages linked to North Korea’s Lazarus group

  • News story


Name

The Socket Research Team announced it has uncovered 6 new malicious npm packages linked to North Korea’s Lazarus group

Description

The Socket team uncovered six JavaScript libraries using typosquatting to mimic legitimate packages. Linked to North Korea’s Lazarus Group, these malicious npm packages steal credentials, extract crypto wallet data and install backdoors.

Publish date

1:42pm, Tuesday, March 11, 2025