As detailed by a Computing.co.uk report, the Lazarus Group injected harmful Javascript into Github projects under the pseudonym “Successfriend,” while subverting NPM tools relied on by blockchain engineers. Codenamed “Operation Marstech Mayhem,” the initiative exploits weaknesses in software supply chains to disseminate the Marstech1 malware, designed to infiltrate wallets such as Metamask, Exodus, and Atomic.

Marstech1 combs infected devices for cryptocurrency wallets, then manipulates browser settings to clandestinely redirect transactions. By disguising itself as benign system activity, the code evades security scans, allowing persistent data extraction. Computing.co.uk says this represents 2025’s second significant Github-based breach, mirroring January 2025 incidents where attackers weaponized the platform’s reach to propagate malicious software.

The report further notes that Securityscorecard verified 233 compromised entities spanning the U.S., Europe, and Asia, with Lazarus-linked scripts operational since July 2024—a year witnessing a threefold jump in open-source malware incidents. Parallel strategies emerged in January 2025, when counterfeit Python libraries masquerading as Deepseek AI utilities were purged from PyPI for harvesting developer logins.

Analysts caution that such incursions may proliferate significantly in 2025, fueled by open-source ubiquity and intertwined development pipelines. Computing.co.uk explains that a Security Week article referenced the World Economic Forum’s (WEF) recent classification of supply chain vulnerabilities as a premier cybersecurity threat.

Lazarus’ newest endeavor epitomizes the advanced tactics of government-sponsored digital espionage aimed at vital tech frameworks. Computing.co.uk notes global entities are advised to scrutinize third-party code integrations and fortify review mechanisms to counter these threats.

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。