Lazarus Group hackers carry out a powerful cyberattack on Solana cryptocurrency wallets
The Lazarus hacker group, which has been linked to North Korea, has launched a new attack via the GitHub platform. The attackers have posted six malicious npm packages that can steal confidential data, including keys to cryptocurrency wallets. This was reported by Socket analysts.
The hackers disguised the infected packages as popular libraries that developers download often. They also created special repositories to make the attack seem more plausible, hoping that the malicious code would be embedded in real software products.
Experts note that the malware is focused on stealing data from crypto wallets, including Solana and Exodus. In addition, it can access saved files in Google Chrome, Brave, and Firefox browsers, as well as the Keychain storage in macOS. At the time of detection, the malicious packages had been downloaded more than 330 times.
Although it is difficult to definitively confirm the involvement of Lazarus, the methods of this attack are consistent with the tactics the group has been using since 2022. Researchers from Unit 42, eSentire, Datadog, and Phylum have previously recorded similar operations.
Experts urged developers to immediately remove malicious files and check their projects for vulnerabilities. This is not the first time Lazarus has attacked the crypto industry — the group is known for hacking exchanges, wallets, and other cryptocurrency services to finance North Korean government programs.