Lazarus Group Targets Developers with Malware-Infested Fake Open Source Tools

North Korea’s infamous Lazarus Group is now distributing fake open-source software tools laced with malware, shifting its focus from disruption to long-term infiltration. According to research by Sonatype, the group has deployed over 230 malicious packages in 2025 alone, disguising them as legitimate developer tools. These "shadow downloads" are designed to trick unsuspecting developers into downloading malware that grants attackers persistent access.

Lazarus has previously been tied to major cyberattacks like the Sony Pictures hack and the WannaCry ransomware outbreak, but has more recently pivoted to stealthy tactics, including cryptocurrency theft. Their latest approach uses modular malware and evasion techniques to embed threats into the open-source ecosystem. Sonatype warns that developers who fail to vet downloads carefully may fall victim to these traps. This marks a concerning evolution in Lazarus Group’s strategy, targeting high-value software supply chains.
