- Lazarus Group develops Operation Dream Job campaign to target Web3 developers
- New “Graphalgo” variant uses malicious dependencies in legitimate bare-bones projects on PyPI/npm
- ReversingLabs found ~200 malicious packages that spoofed libraries like graphlib for the purpose of stealing crypto
The infamous Lazarus gang is evolving its Operation Dream Job campaign to target even more software developers and steal even more crypto along the way.
Security researchers ReversingLabs claim to have seen changes to the May 2025 campaign, dubbed ‘Graphalgo’, which sees Lazarus take a legitimate bare-bones project and add a malicious dependency that they use in the attack.
For those unfamiliar with Operation Dream Job, it is an ongoing campaign created by North Korean state-sponsored hackers. They create fake job ads on LinkedIn and other platforms and offer enticing jobs to software developers who primarily work in the Web3 (blockchain) industry.
Code name Graphalgo
During the “hiring process”, they ask the candidates to go through a few test tasks, which always end with the victims downloading and running malicious code. That code may be different, but the goal is always to empty their crypto wallets – be it standalone apps, browser add-ons, or accounts on popular crypto exchanges.
“Creating such job repositories is easy. Threat actors simply need to take a legitimate bare-bones project and patch it with a malicious dependency, and it’s ready to be served to targets,” the researchers said. Most of these projects are hosted on legitimate platforms such as PyPI or npm, making it harder for victims to spot the attack.
So far, ReversingLabs has found nearly 200 malicious packets.
The update was dubbed Graphalgo because all the malicious packages had the prefix “graph” in their name and often spoof common libraries such as graphlib. More recently, “graph” was replaced with “large,” but researchers have yet to find the recruiting part that comes with these packages.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
