Lazarus infects hundreds software developers, targeting Solana and Exodus crypto wallets

A new Lazarus campaign is spreading through npm packages, using BeaverTail malware to steal credentials, exfiltrate cryptocurrency and deploy a persistent backdoor.

North Korea's Lazarus group has planted six malicious packages on npm, targeting developers and cryptocurrency users, new research reveals.

According to their findings, the malicious packages, downloaded more than 300 times, are designed to steal login credentials, deploy backdoors and extract sensitive data from Solana- or Exodus-linked cryptocurrency wallets. The malware specifically targets browser profiles, scanning Chrome, Brave and Firefox files, as well as the Keychain on macOS.

The identified packages, is-buffer-validator, yoojae-validator, event-handle-package, array-mans-validator, react-event-dependence and auth-validator, rely on typosquatting: their names are deliberate misspellings of legitimate packages, tricking developers into installing them.
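A defender-side check for the typosquatting described above, as an added example that is not part of the original article or of Socket's tooling: it audits a package.json against the package names reported in the article and flags dependency names within a small edit distance of a hypothetical allowlist of trusted packages (the allowlist, the sample manifest and its version numbers are constructed for the demonstration).

```python
import json

# Package names reported in the article; not an authoritative or complete feed.
REPORTED_MALICIOUS = {
    "is-buffer-validator", "yoojae-validator", "event-handle-package",
    "array-mans-validator", "react-event-dependence", "auth-validator",
}

# Hypothetical allowlist of well-known packages that typosquats tend to imitate.
TRUSTED = {"express", "is-buffer", "lodash", "react", "validator"}

# Constructed sample manifest; versions are made up for the demonstration.
SAMPLE_PACKAGE_JSON = """{
  "name": "demo-app",
  "dependencies": {
    "express": "^4.19.2",
    "is-buffer-validator": "1.0.0",
    "validatr": "13.0.0"
  }
}"""


def edit_distance(a, b):
    """Levenshtein distance via a rolling single-row DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def audit_dependencies(package_json_text, max_distance=2):
    """Return (package, reason) findings: exact IoC hits and lookalikes of trusted names."""
    manifest = json.loads(package_json_text)
    deps = {}
    for key in ("dependencies", "devDependencies"):
        deps.update(manifest.get(key, {}))
    findings = []
    for name in sorted(deps):
        if name in REPORTED_MALICIOUS:
            findings.append((name, "known-malicious"))
        elif name not in TRUSTED:
            # Flag names that are a typo or two away from a trusted package.
            for trusted in sorted(TRUSTED):
                if edit_distance(name, trusted) <= max_distance:
                    findings.append((name, f"lookalike-of:{trusted}"))
                    break
    return findings


if __name__ == "__main__":
    for pkg, reason in audit_dependencies(SAMPLE_PACKAGE_JSON):
        print(f"{pkg}: {reason}")
```

Run it against a real manifest by replacing SAMPLE_PACKAGE_JSON with the file contents; a hit is a reason to review the package, not proof of compromise by itself.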

“The stolen data is then exfiltrated to a hard-coded C2 server at hxxp://172.86.84[.]38:1224/Downloads, following the well-documented strategy of harvesting and transmitting compromised information.”

Kirill Boychenko, threat information analyst at Socket Security

Lazarus has previously used supply chain attacks via npm, GitHub and PyPI to infiltrate networks, contributing to major hacks such as the $1.5 billion Bybit exchange heist. The group's tactics align with its past campaigns, leveraging multi-stage payloads to maintain long-term access, cybersecurity experts note.

In late February, North Korean hackers targeted Bybit, one of the largest cryptocurrency exchanges, stealing about $1.46 billion in crypto in a highly sophisticated heist. The attack is believed to have been carried out by compromising a computer at Safe, Bybit's technology provider. Less than two weeks after the breach, Bybit CEO Ben Zhou said that around 20% of the stolen funds had become untraceable because the hackers had used mixing services.
