Lazarus-Group

The Lazarus Group is conducting a brandjacking campaign on npm, using dozens of malicious packages like 'buffer-utilities' to deploy a Node.js backdoor that collects host information, establishes C2 communication, and maintains persistent attacker-controlled code execution, primarily targeting developers.

The Drift Protocol suffered a $280 million crypto theft orchestrated by North Korean hackers who spent six months building an in-person operational presence within the Drift ecosystem, engaging with contributors at crypto conferences and via Telegram.

The Lazarus Group is distributing a new variant of the Dacls RAT targeting macOS systems via a trojanized application, installing a hidden executable and attempting persistence.

The Lazarus APT group is distributing a macOS backdoor named AppleJeus via a fake cryptocurrency trading application called JMT Trader, persisting through a launch daemon and communicating with the C&C server beastgoc.com.

The Lazarus group's macloader malware (OSX.AppleJeus.C) uses a launch daemon for persistence and executes downloaded payloads directly from memory, communicating with a C2 server to retrieve second-stage payloads, posing a significant threat due to its fileless execution and potential for repurposing.