Date: 2025-07-31

North Korean hacking collective Lazarus Group has been lacing open-source packages with advanced malware as part of efforts to escalate its cyberespionage activities, according to SiliconANGLE.
The group has leveraged popular open-source repositories, with packages spoofing legitimate libraries, to deliver malware covertly, a report from Sonatype revealed. One such attack involved a trojanized vite-postcss-helper npm package that facilitated the retrieval of a loader, which launched a clipboard stealer, the BeaverTail credential stealer, a Windows-based keylogger and screenshot tool, and a file exfiltrator. Sonatype researchers noted that this attack technique bolsters the stealth of threat operations. Organizations' SecOps and DevSecOps teams have been urged to implement layered security defenses involving a repository firewall and other software supply chain protections. Advancing threats should also prompt increased vigilance for atypical post-installation behavior, according to Sonatype researchers.
