Resurgent North Korean Malware Campaign in npm
Hello from the Veracode Research blog! It’s been a minute since we’ve done a malware write-up, but we’re back and ready for action! And speaking of folks who are back and ready for action, the North Korean attackers behind the crypto wallet stealer campaign we wrote about in February of 2024 and again in May of 2024 are back at it with a new batch of malicious npm packages. Once again, we’re seeing familiar tactics used to target unsuspecting developers: obfuscation, multi-stage execution, and exfiltration of sensitive crypto-related data. Same playbook, new package names. (Note: Independent research from the Socket Security team has attributed these packages to the Lazarus Group, the North Korean state-sponsored hacking group.)
The New Wallet Stealer Campaign
The new packages we’ve identified as belonging to this campaign share striking similarities with the malware operations we previously documented. These packages continue the attackers’ pattern …