• Quote

Name

Additionally, the APT group created and maintained GitHub repositories for five of the malicious packages, lending an appearance of open source legitimacy and increasing the likelihood of the harmful code being integrated into developer workflows

Types

Quote

Authors

Kirill Boychenko

Related projects

Lazarus Group

Sources

Lazarus Strikes npm Again with New Wave of Malicious Packages

Referenced by

The attack by the Lazarus Group, uncovered by the Socket Research Team, leveraged GitHub to host malicious repositories, increasing the risk of harmful code integration into developer workflows. Similar campaigns have also been spotted on the Python Package Index (PyPI), highlighting a broader effort to exploit multiple open-source ecosystems.

Crypto news

Claim