Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads
Research
Security News
Kirill Boychenko
April 4, 2025
North Korean threat actors behind the Contagious Interview operation have expanded their presence in the npm ecosystem, publishing additional malicious packages that deliver the previously identified BeaverTail malware and introducing new packages with remote access trojan (RAT) loader functionality. These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation in the threat actors’ obfuscation techniques.
The threat group’s objectives remain unchanged: to compromise developer systems, steal sensitive credentials or financial assets, and maintain access to compromised environments. The Contagious Interview threat actors continue to create new npm accounts and deploy malicious code across platforms like the npm registry, GitHub, and Bitbucket, demonstrating their persistence and showing no …
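The hexadecimal string encoding mentioned above defeats scanners that match keywords against raw source text, so a check has to decode string literals before matching. The following is an added example, not code from the report or from the packages it describes; the two encodings handled (`\xNN` escapes and bare hex-digit strings), the `WATCH` list, the function names and the sample input are assumptions constructed for illustration.

```javascript
// Added example: decode hex-obfuscated string literals, then keyword-match.
// WATCH is an assumed list of sensitive names, not indicators from the report.
const WATCH = ['require', 'child_process', 'eval', 'exec'];

// Decode \xNN escape sequences found in the raw text of a string literal.
function decodeHexEscapes(s) {
  return s.replace(/\\x([0-9a-fA-F]{2})/g, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Decode a bare run of hex digits to text; null unless it is printable ASCII.
function decodeHexRun(s) {
  if (s.length % 2 !== 0) return null;
  let out = '';
  for (let i = 0; i < s.length; i += 2) {
    const c = parseInt(s.slice(i, i + 2), 16);
    if (c < 0x20 || c > 0x7e) return null;
    out += String.fromCharCode(c);
  }
  return out;
}

// Return literals whose decoded form contains a watched name the raw text hides.
function findHexHiddenStrings(source) {
  const findings = [];
  const literal = /(["'])((?:\\.|(?!\1)[^\\])*)\1/g; // single- or double-quoted
  let m;
  while ((m = literal.exec(source)) !== null) {
    const raw = m[2];
    let decoded = null;
    if (/\\x[0-9a-fA-F]{2}/.test(raw)) decoded = decodeHexEscapes(raw);
    else if (/^[0-9a-fA-F]{8,}$/.test(raw)) decoded = decodeHexRun(raw);
    if (decoded === null) continue;
    const hits = WATCH.filter((w) => decoded.includes(w) && !raw.includes(w));
    if (hits.length) findings.push({ raw, decoded, hits });
  }
  return findings;
}

// Constructed sample input (not taken from any real package).
const SAMPLE = [
  'const a = "\\x63\\x68\\x69\\x6c\\x64\\x5f\\x70\\x72\\x6f\\x63\\x65\\x73\\x73";',
  "const b = '72657175697265';",
  'const c = "deadbeef";',            // hex-looking but not printable text
  'const d = "plain require text";',  // visible keyword, nothing hidden
].join('\n');

console.log(findHexHiddenStrings(SAMPLE));
```

Only the first two sample literals are reported: the third does not decode to printable text and the fourth hides nothing.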