The campaign uses BeaverTail malware to steal credentials, exfiltrate cryptocurrency data and deploy persistent backdoors.
North Korea's Lazarus Group targets npm and crypto
According to the researchers' findings, the malicious packages were downloaded 300 times and were designed to steal login credentials, deploy backdoors and extract sensitive data from Solana-related cryptocurrency wallets or Exodus. The malware specifically targets browser profiles, scanning files from Chrome, Brave, and Firefox, as well as keychain data on macOS.
The identified packages — is-buffer-validator, yoojae-validator, event-handle-package, array-empty-validator, react-event-dependency, and auth-validator — use typosquatting, tricking developers
"The stolen data is then uploaded via hxxp://172.86.84[.]38:1224/ and exfiltrated to a hard-coded C2 server, following Lazarus's well-documented strategy of harvesting and transmitting compromised information."
Kirill Boychenko, threat intelligence analyst at Socket Security
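As an added illustration for defenders (not code from the original report or from Socket), the following Python snippet checks a package-lock.json for the six package names listed above and scans proxy log lines for the C2 address quoted by Socket; the lockfile and log lines are constructed samples, not real data.

```python
"""Added detection example: flag the npm packages and C2 endpoint named in the article."""
import json
import re

# Indicators quoted in the article; the C2 address is defanged there ("[.]"), undefanged here for matching.
MALICIOUS_PACKAGES = {
    "is-buffer-validator", "yoojae-validator", "event-handle-package",
    "array-empty-validator", "react-event-dependency", "auth-validator",
}
C2_HOST = "172.86.84[.]38".replace("[.]", ".")
C2_PORT = 1224
C2_RE = re.compile(r"\b" + re.escape(C2_HOST) + r"(?::" + str(C2_PORT) + r")?\b")


def find_malicious_dependencies(lockfile_text: str) -> set:
    """Return the named packages present in a package-lock.json (lockfileVersion 1, 2 or 3)."""
    lock = json.loads(lockfile_text)
    names = set()
    # v2/v3 lockfiles key entries by path, e.g. "node_modules/react/node_modules/foo".
    for path in lock.get("packages", {}):
        names.add(path.rsplit("node_modules/", 1)[-1])
    # v1 lockfiles key the top-level tree by bare package name.
    names.update(lock.get("dependencies", {}))
    return names & MALICIOUS_PACKAGES


def find_c2_connections(log_lines):
    """Return proxy/firewall log lines that reference the C2 host (with or without its port)."""
    return [line for line in log_lines if C2_RE.search(line)]


# Constructed sample inputs (not real data): a v3 lockfile and three proxy log lines.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app", "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app"},
        "node_modules/is-buffer": {"version": "2.0.5"},
        "node_modules/is-buffer-validator": {"version": "1.0.0"},
        "node_modules/react": {"version": "18.2.0"},
        "node_modules/react/node_modules/auth-validator": {"version": "0.1.0"},
    },
})
SAMPLE_LOG = [
    "2025-03-12T10:01:02Z proxy CONNECT 172.86.84.38:1224 user=dev1",
    "2025-03-12T10:01:05Z proxy GET https://registry.npmjs.org/react user=dev1",
    "2025-03-12T10:02:11Z proxy POST http://172.86.84.38:1224/ 200 bytes=48213",
]

if __name__ == "__main__":
    print("suspicious packages:", sorted(find_malicious_dependencies(SAMPLE_LOCKFILE)))
    print("C2 traffic:", find_c2_connections(SAMPLE_LOG))
```

Point the lockfile check at a real project's package-lock.json and the log check at exported proxy or egress logs to use it beyond the constructed samples.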
Lazarus has previously used supply chain attacks through npm, GitHub, and PyPI to infiltrate networks, contributing to major hacks like the $1.5 billion Bybit exchange heist. Cybersecurity experts note that the group's tactics match its past campaigns. The attack was reportedly carried out by compromising an employee computer at Bybit's technology provider Safe. Less than two weeks after the breach, Bybit CEO Ben Zhou said that roughly 20% of the stolen funds had become untraceable because the hackers used mixing services.