281/68 Tuesday, August 5, 2025

The Lazarus Group, a hacking collective linked to the North Korean government, has once again been exposed for evolving its tactics, this time using open-source software packages to distribute malware. Cybersecurity firm Sonatype recently reported the discovery of so-called “shadow downloads”: malicious files masquerading as popular software development tools, embedded in more than 200 packages. These packages carry hidden malicious code designed for long-term infiltration rather than immediate damage.
According to the report, Lazarus has shifted from disruptive attacks to persistent, stealthy compromises. Its malware now employs modular code, custom payloads, and evasion strategies aimed at high-value victims, particularly within the open-source software development community. Lazarus has a long history of cybercrime, including the 2014 Sony Pictures hack, the 2016 Bangladesh Bank heist, and the 2017 WannaCry ransomware outbreak.
More recently, the group has focused on cryptocurrency theft, targeting unsuspecting developers with sophisticated lures built around malicious downloads. Sonatype’s findings underscore the urgent need for stronger security checks within the open-source ecosystem. Without strict validation of the development tools they pull in, even trusted environments risk becoming entry points for nation-state-backed cyberattacks.
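The validation step the paragraph calls for can be made concrete. The script below is an added example, not code from Sonatype, The Register, or any real package manager: it gates a package archive before installation by (1) flagging names that are within one edit of a well-known package name, the kind of impersonation described above, (2) refusing anything without a reviewed hash pin, and (3) checking the archive's SHA-256 against that pin. The archive bytes, the pinned manifest and the list of popular names are all constructed stand-ins for illustration.

```python
"""Pre-install gate for third-party packages.

Added example (not from the article or from Sonatype). Assumptions, all
constructed for this demo: the archive bytes, the pinned-hash manifest
(in practice it would come from a reviewed lockfile) and the short list of
well-known package names used to catch look-alike names.
"""
import hashlib
import hmac

# Constructed stand-ins for downloaded package archives: one pristine, one tampered.
GOOD_ARCHIVE = b"requests-2.32.3.tar.gz: constructed stand-in for the real archive bytes\n"
TAMPERED_ARCHIVE = GOOD_ARCHIVE + b"# injected stage-one loader (constructed)\n"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an archive, the value a lockfile would pin."""
    return hashlib.sha256(data).hexdigest()


# Hypothetical pinned manifest: package name -> expected archive SHA-256.
PINNED_HASHES = {"requests": sha256_hex(GOOD_ARCHIVE)}

# Hypothetical list of widely used packages that attackers like to impersonate.
POPULAR_NAMES = frozenset({"requests", "numpy", "urllib3", "express", "lodash"})


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert/delete/substitute cost 1,
    and swapping two adjacent characters (the classic typosquat) also costs 1."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def lookalike_of(name: str, popular=POPULAR_NAMES, max_distance: int = 1):
    """Return the popular package that `name` imitates, or None.
    An exact match is the genuine package and is not a look-alike."""
    name = name.lower()
    if name in popular:
        return None
    for candidate in sorted(popular):
        if edit_distance(name, candidate) <= max_distance:
            return candidate
    return None


def vet_package(name: str, archive: bytes, pinned=PINNED_HASHES, popular=POPULAR_NAMES):
    """Decide whether an archive may be installed.
    Returns ("allow", reason) or ("block", reason); the caller must not install on "block"."""
    imitated = lookalike_of(name, popular)
    if imitated is not None:
        return "block", f"name {name!r} looks like {imitated!r}"
    if name not in pinned:
        return "block", f"{name!r} has no pinned hash"
    if not hmac.compare_digest(sha256_hex(archive), pinned[name]):
        return "block", f"hash mismatch for {name!r}"
    return "allow", f"{name!r} matches pinned hash"


if __name__ == "__main__":
    for pkg, data in [("requests", GOOD_ARCHIVE), ("requests", TAMPERED_ARCHIVE),
                      ("reqeusts", GOOD_ARCHIVE), ("colorama", GOOD_ARCHIVE)]:
        verdict, why = vet_package(pkg, data)
        print(f"{verdict:5} {why}")
```

The look-alike check runs first so that a typosquatted name cannot be laundered into the manifest by simply pinning it. Expect false positives from it: a legitimate package whose name sits one edit from a popular one will be blocked until it is reviewed and added to the allowlist, which is the intended trade-off for a gate like this.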
Source: https://www.theregister.com/2025/08/04/infosec_in_brief/