In a detailed investigation by Socket security researchers, a new malicious npm package, “postcss-optimizer,” has been linked to the notorious North Korean Advanced Persistent Threat (APT) group Lazarus. The package, posing as a legitimate open-source dependency, was found to contain malicious code, including the BeaverTail malware, which functions as both an infostealer and a malware … Continue reading Lazarus Hackers Deploy Malicious NPM Packages on Software Developers Systems