Security News > 2023 > July > GitHub warns of Lazarus hackers targeting devs with malicious projects

GitHub warns of Lazarus hackers targeting devs with malicious projects
2023-07-20 22:48

GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.

In a new security alert, GitHub warns that the Lazarus Group is compromising legitimate accounts or creating fake personas that pretend to be developers and recruiters on GitHub and social media.

"GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms, using a combination of repository invitations and malicious npm package dependencies," explained the GitHub security alert.

GitHub says these projects utilize malicious NPM dependencies that download further malware to targets' devices.

While GitHub only shared that the malicious NPM packages act as a first-stage malware downloader, they referenced a June report by Phylum that goes into more detail regarding the malicious NPMs. According to Phylum, the NPMs act as malware downloaders that connect to remote sites for additional payloads to execute on the infected machine.

GitHub says that they have suspended all NPM and GitHub accounts and published a complete list of indicators regarding the domains, GitHub accounts, and NPM packages associated with the campaign.


News URL

https://www.bleepingcomputer.com/news/security/github-warns-of-lazarus-hackers-targeting-devs-with-malicious-projects/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 3 42 30 15 90