GitHub warns of Lazarus hackers targeting devs with malicious projects (July 2023)
GitHub is warning of a social engineering campaign targeting the accounts of developers in the blockchain, cryptocurrency, online gambling, and cybersecurity sectors to infect their devices with malware.
In a new security alert, GitHub warns that the Lazarus Group is compromising legitimate accounts or creating fake personas that pretend to be developers and recruiters on GitHub and social media.
"GitHub has identified a low-volume social engineering campaign that targets the personal accounts of employees of technology firms, using a combination of repository invitations and malicious npm package dependencies," explained the GitHub security alert.
GitHub says the projects used in the campaign rely on malicious npm dependencies that download further malware to targets' devices.
While GitHub only shared that the malicious npm packages act as a first-stage malware downloader, it referenced a June report by Phylum that goes into more detail about them. According to Phylum, the packages act as malware downloaders that connect to remote sites for additional payloads to execute on the infected machine.
GitHub says that it has suspended all npm and GitHub accounts associated with the campaign and published a complete list of indicators covering the domains, GitHub accounts, and npm packages involved.