The OpenSourceMalware Show #10
2026-06-25 • Open Source Malware
https://opensourcemalware.com/blog/opensourcemalware-show-episode10
OpenSourceMalware highlights Lazarus Group software supply chain techniques including malicious-version “sandwiching,” reuse of Aptos/Tron/BSC blockchain infrastructure for mutable C2, and embedded campaign-tracking strings in payloads. The episode cites campaign strings such as `ace-a6-shadow-15` and `a6-orion-271` in npm packages and frames them as useful research pivots rather than broad detection strings. It also warns that cross-ecosystem malicious packages, dependency clusters, dynamic imports, and payload splitting are spreading beyond DPRK activity as lower-sophistication actors adopt similar supply chain tradecraft.