Lazarus Group’s latest software supply chain operation is using fake recruiter lures and popular open‑source ecosystems to deliver malware to cryptocurrency‑focused developers quietly. The campaign, dubbed graphalgo, abuses GitHub, npm, and PyPI to hide multi‑stage payloads behind seemingly legitimate coding tasks and packages. Since early May 2025, attackers have been approaching JavaScript and Python developers via […]

The post Lazarus Group’s ‘Graphalgo’ Fake Recruiter Campaign Targets GitHub, npm, and PyPI to Spread Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.