PROBABLYPWNED
Threat Intelligence | February 14, 2026 | 4 min read

Lazarus Plants Malicious Packages in npm and PyPI Registries

North Korea's Lazarus Group targets blockchain developers with fake recruitment campaign distributing RAT malware through 36 poisoned npm and PyPI packages.

Alex Kowalski

Security researchers have uncovered a fresh Lazarus Group campaign targeting blockchain and cryptocurrency developers through poisoned npm and PyPI packages. The operation, codenamed "graphalgo" after its first npm package, has been active since May 2025 and uses fake recruitment lures to trick developers into installing malware.

This campaign differs from the ClickFix-based fake interviews we covered in January. Where ClickFix tricks victims into executing PowerShell commands, graphalgo embeds the malicious payload in open-source dependencies—a more subtle supply chain attack that can persist in development environments unnoticed.

The Social Engineering Setup

Lazarus operators approach targets through LinkedIn, Facebook, and Reddit, posing as recruiters for fictitious blockchain companies. The primary cover identity is "Veltrix Capital," presented as a cryptocurrency trading firm.

The approach follows a consistent pattern:

  1. Recruiter contacts developer with enticing job offer
  2. Target receives GitHub repository containing "coding assessment"
  3. Repository appears legitimate but requires malicious dependencies
  4. Developer installs dependencies locally to complete assessment
  5. Malware deploys through the package manager

The deception is effective because the malicious code isn't in the interview repository itself—it's in the dependencies. A security-conscious developer reviewing the assessment code won't find anything suspicious.

Malicious Package Distribution

Researchers identified 36 packages across both registries:

npm (24 packages): graphalgo, graphorithm, graphstruct, graphlibcore, netstruct, graphnetworkx, terminalcolor256, graphkitx, graphchain, graphflux, graphorbit, graphnet, graphhub, terminal-kleur, graphrix, bignumx, bignumberx, bignumex, bigmathex, bigmathlib, bigmathutils, graphlink, bigmathix, graphflowx

PyPI (12 packages): graphalgo, graphex, graphlibx, graphdict, graphflux, graphnode, graphsync, bigpyx, bignum, bigmathex, bigmathix, bigmathutils

One package—bigmathutils—accumulated more than 10,000 downloads after its initial, non-malicious version was published. The malicious payload was added in a subsequent update, catching existing users in the trap.

RAT Capabilities

The packages act as first-stage loaders that deploy a remote access trojan from attacker-controlled infrastructure. The RAT provides:

  • System information gathering
  • File and directory enumeration
  • Process listing
  • File operations (create, rename, delete, upload/download)
  • MetaMask browser extension detection
  • Command execution via remote server

The MetaMask targeting is notable—Lazarus has consistently pursued cryptocurrency theft as a revenue stream for North Korean state operations. We covered their $2 billion in cryptocurrency theft during 2025.

Token-Based C2 Architecture

The campaign uses a token-based command-and-control mechanism that researchers note is distinctive to Lazarus operations:

  1. Infected system registers with C2 server
  2. Server responds with authentication token
  3. Subsequent communications require valid token
  4. Only registered infected systems can communicate with C2

"The token-based approach is a similarity [to 2023 campaigns] and has not been used by other actors in malware hosted on public package repositories as far as we know," researchers noted.

This fingerprint connects graphalgo to Jade Sleet (also tracked as TraderTraitor and UNC4899)—a North Korean cluster previously observed using identical C2 mechanisms.

Developer Protections

Organizations with blockchain or cryptocurrency development teams should:

  1. Audit installed packages against the list above and remove any matches
  2. Review dependency sources before installing packages for "assessments"
  3. Train developers to recognize recruitment-based social engineering
  4. Enable package lockfiles to prevent unexpected dependency updates
  5. Use organizational package proxies that can scan for known-malicious packages
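A worked example of step 1, added here and not part of the original article or the researchers' tooling: it reads an npm `package-lock.json` (lockfileVersion 2/3) and a `pip freeze` or `requirements.txt` listing and reports any installed name that matches the two package lists above. The lockfile and freeze text at the bottom are constructed samples, not artifacts from the campaign.

```python
import json
import re

# Package names from the article's npm and PyPI lists.
NPM_PACKAGES = {
    "graphalgo", "graphorithm", "graphstruct", "graphlibcore", "netstruct",
    "graphnetworkx", "terminalcolor256", "graphkitx", "graphchain", "graphflux",
    "graphorbit", "graphnet", "graphhub", "terminal-kleur", "graphrix", "bignumx",
    "bignumberx", "bignumex", "bigmathex", "bigmathlib", "bigmathutils",
    "graphlink", "bigmathix", "graphflowx"}
PYPI_PACKAGES = {
    "graphalgo", "graphex", "graphlibx", "graphdict", "graphflux", "graphnode",
    "graphsync", "bigpyx", "bignum", "bigmathex", "bigmathix", "bigmathutils"}

def audit_package_lock(lock_text):
    """Return installed npm names (lockfileVersion 2/3 "packages" map) that match
    the npm list. Nested node_modules entries are checked too, since the
    malicious code sits in a dependency, not in the assessment repo itself."""
    lock = json.loads(lock_text)
    found = set()
    for path in lock.get("packages", {}):
        # Keys look like "node_modules/a/node_modules/b"; the name is the tail.
        name = path.rsplit("node_modules/", 1)[-1]
        if name in NPM_PACKAGES:
            found.add(name)
    return sorted(found)

def normalize_pypi(name):
    """PEP 503 normalisation: case-insensitive, runs of '-', '_', '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def audit_pip_freeze(freeze_text):
    """Return names from `pip freeze` / requirements.txt that match the PyPI list."""
    found = set()
    for line in freeze_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments and blanks
        if not line or line.startswith("-"):
            continue                                    # skip pip options like -r
        name = normalize_pypi(re.split(r"[=<>!~\[;@ ]", line, maxsplit=1)[0])
        if name in PYPI_PACKAGES:
            found.add(name)
    return sorted(found)

# Constructed sample inputs (not real lockfiles from the campaign).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {}, "node_modules/express": {"version": "4.18.2"},
    "node_modules/graphalgo": {"version": "1.0.2"},
    "node_modules/graphalgo/node_modules/bigmathutils": {"version": "2.1.0"}}})
SAMPLE_FREEZE = "requests==2.31.0\nBigMathUtils==2.1.0  # assessment dep\nnumpy>=1.26\n"
```

Run it against each developer machine's real lockfiles and `pip freeze` output; the transitive hit on `bigmathutils` in the sample is the case a repository-only review misses.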

The supply chain attack vector remains one of Lazarus's most effective techniques. For deeper background on their operations, see our guide to North Korea's cyber operations.

Why This Matters

North Korean threat actors have refined the fake recruitment playbook over several years. The graphalgo campaign shows continued investment in supply chain attacks specifically targeting the cryptocurrency sector.

The 10,000+ downloads on bigmathutils before it turned malicious demonstrates the risk of dependency trust. Developers assume packages in official registries are safe. Lazarus exploits that assumption by publishing legitimate-looking packages, building download numbers, then adding malicious updates.
