BeaverTail Malware Found in npm Packages: Crypto Sector at Risk - #Lazarus
North Korean state-backed threat group Tenacious Pungsan has been identified using malicious npm packages like 'blockscan-api', 'passport-js', and 'bcrypts-js' to distribute the BeaverTail information-stealing malware as part of their Contagious Interview campaign aimed at developers. This highlights the increasing risk faced by individual developers from DPRK-linked actors. The report builds on recent insights by Palo Alto Networks Unit 42 regarding new payloads in the Contagious Interview intrusions. Concurrently, other cybersecurity news includes the successful dismantling of Meta and Redline infostealers by Operation Magnus and a notable rise in Latrodectus malware attacks, especially affecting the manufacturing sector which has seen an unprecedented surge in cyberattacks.