NPM packages (Node Package Manager) are modules or program code libraries for modern JavaScript development. They are ready -made solutions that developers can use to create applications, instead of writing code from scratch.
Since the beginning of March 2025, six malicious NPM packets associated with Lazarus, which have already been loaded more than 300 times, have been identified in the GitHub repository. NPM packages, disguised as legitimate JavaScript libraries with names like IS-Buffer-Validator or Auth-Validator, contained harmful BEAVERTAIL.
The main goal of the hackers was to extract data from cryptocurrency wallets, including ID.json (Solana) and Exodus.wallet (Exodus), as well as theft of accounting data from browsers (Chrome, Brave, Firefox) and MacOS KeyChain keys.
Sockets believe that Solana and Exodus wallets have become priority targets for Lazarus because of their popularity. The main vulnerability of these wallets lies in the local storage of keys, which greatly facilitates the hackers with the theft of digital assets when infecting the victim device.
Researchers called on the developers of applications and crypto traders to show vigilance, since at the time of identification of the threat, fake NPM packets remain accessible to loading from the repository.
Earlier, BleepingComputer reported that Crazy Evil hackers abducted cryptocurrencies among applicants in the field of blockchain and Web3, publishing fake vacancies and introducing themselves as potential employers.
Source: Bits
I am an experienced journalist, writer, and editor with a passion for finance and business news. I have been working in the journalism field for over 6 years, covering a variety of topics from finance to technology. As an author at World Stock Market, I specialize in finance business-related topics.
