The attack by the Lazarus Group on npm, uncovered by the Socket Research Team, leveraged typosquatting techniques, mimicking trusted JavaScript libraries. This tactic deceived developers into unknowingly downloading malicious packages, leading to the installation of malware.

Claim

Name

Types

Claim

Quotes that support claims

The six new packages — collectively downloaded over 330 times — closely mimic the names of widely trusted libraries, employing a well-known typosquatting tactic used by Lazarus-linked threat actors to deceive developers

These work by using typosquatting, with misspelled names, to trick developers into installing them

The six Lazarus packages discovered in npm all employ typosquatting tactics to trick developers into accidental installations

Related projects

Lazarus Group

Socket

Referenced by

Summary

Crypto news

Data block

​

Referenced by

Summary