Lucene search

K

GoogleOSV:MAL-2023-1549

HistoryJul 04, 2023 - 12:00 a.m.

Malicious code in binance-price (npm)

2023-07-0400:00:00

Google

osv.dev

3

lazarus group

blockchain

cryptocurrency

npm packages

supply chains

social engineering

AI Score

7.2

Confidence

Low

-= Per source details. Do not edit below this line.=-

Source: checkmarx (421081a4101ed61796fd72e7dec62cafa098a1d01934298a2ef82ef7187c4934)

Lazarus Group targeting blockchain and cryptocurrency companies by exploiting software supply chains through malicious npm packages and social engineering tactics

References

blog.phylum.io/junes-sophisticated-npm-attack-attributed-to-north-korea/

medium.com/checkmarx-security/lazarus-group-launches-first-open-source-supply-chain-attacks-targeting-crypto-sector-cabc626e404e

security.snyk.io/vuln/SNYK-JS-BINANCEPRICE-5803117

AI Score

7.2

Confidence

Low