Lazarus is injecting malicious JavaScript code into GitHub repositories under a profile named SuccessFriend, as well as embedding malware within NPM packages commonly used by cryptocurrency and Web3 developers. This tactic significantly increases the risk of compromised dependencies spreading across software ecosystems.
The malware, identified as Marstech1, specifically targets cryptocurrency wallets like MetaMask, Exodus, and Atomic. Once installed, it scans infected systems for these wallets and manipulates browser configuration files to covertly intercept transactions.
SecurityScorecard reports that the malicious JavaScript code has been active since July 2024, a year in which open-source malware attacks tripled. So far, at least 233 victims across the US, Europe, and Asia have been confirmed.
This attack is part of a growing trend of supply chain cyber threats. Recently, security researchers detected and removed malicious Python packages from PyPI that disguised themselves as legitimate DeepSeek AI libraries while stealing sensitive credentials from developers.
Experts anticipate an increase in attacks on open-source projects this year due to their widespread adoption. The World Economic Forum has also identified software supply chain interdependencies as a major cybersecurity risk, urging the industry to adopt stricter security practices to mitigate these evolving threats.
Source: Computing
The European Cyber Intelligence Foundation is a nonprofit think tank specializing in intelligence and cybersecurity, offering consultancy services to government entities.