North Korea’s Lazarus Deploys Malicious NPM Packages to Steal Data. North Korea’s Lazarus Group expanded a malicious campaign of uploading malicious code to the JavaScript runtime environment npm repository, publishing 11 packages embedded with Trojan loaders. Researchers identified 11 malicious packages in the repository, a hotspot for supply chain attacks.
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/lazarus-expands-npm-campaign-trojan-loaders-a-27943
