North Korea’s Lazarus hacking group has been linked to six new disruptive npm packages, which appear to target specific developers and could extract cryptocurrency data. The malicious packages, which have been downloaded over 330 times collectively, use misspelled names in a technique known as typosquatting to trick developers into unknowingly installing them. The techniques used in the attack closely align with previous tactics employed by the infamous Lazarus group, who have been linked to numerous high-profile crypto hacks.
26 million devices are infected by malware that steals bank card data including passwords
A malware attack targeted 25 million device users in 2023 and 2024, stealing sensitive data including bank card numbers and passwords. Kaspersky estimates that 2.3
