- Lazarus Group evolves its Operation Dream Job campaign to target Web3 developers
- New “Graphalgo” variant uses malicious dependencies in simple, legitimate projects on PyPI/npm
- ReversingLabs found around 200 malicious packages spoofing libraries like graphlib, with the aim of stealing cryptocurrencies.
The notorious Lazarus gang is evolving its Operation Dream Job campaign to target even more software developers and steal even more crypto along the way.
Security researchers at ReversingLabs say they have seen changes in the campaign launched in May 2025, dubbed “Graphalgo”, which sees Lazarus take a simple, legitimate project and add a malicious dependency that they use in the attack.
For those unfamiliar with Operation Dream Job, it is an ongoing campaign created by North Korean state-sponsored hackers. They create fake job postings on LinkedIn and other platforms and offer attractive jobs to software developers mainly working in the Web3 (blockchain) industry.
Code name Graphalgo
During the “hiring process”, they ask candidates to pass a few tests, which always result in victims downloading and running malicious code. The code may vary, but the goal is always to empty their crypto wallets, whether those are standalone apps, browser add-ons, or accounts on popular crypto exchanges.
“It is easy to create such task repositories. Malicious actors simply need to take a legitimate project and fix it with a malicious dependency and it is ready to be served to targets,” the researchers said. Most of these projects are hosted on legitimate platforms such as PyPI or npm, making it more difficult for victims to spot the attack.
So far, ReversingLabs has found almost 200 malicious packages.
The update was named Graphalgo because all of the malicious packages had the “graph” prefix in their name and often spoofed classic libraries such as graphlib. More recently, “graph” has been replaced by “big,” but researchers have yet to find the recruiting part that comes with these packages.
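For developers handed a “test” repository, the naming pattern described above can be checked before anything is installed. The following is an added example, not code from ReversingLabs or from the campaign: it reads a requirements.txt and a package.json and flags unvetted dependencies that either closely resemble a vetted library or use one of the reported prefixes. The vetted list and the sample package names are constructed assumptions.

```python
import difflib
import json
import re

# Name prefixes the article reports for the malicious packages.
REPORTED_PREFIXES = ("graph", "big")
# Assumption: dependencies the reviewer has already vetted (hypothetical list).
VETTED = {"graphlib", "graphql", "graphviz", "networkx", "requests", "express"}

def names_from_requirements(text):
    """Yield normalized package names from requirements.txt content."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:  # skips blanks and option lines such as "-r other.txt"
            yield re.sub(r"[-_.]+", "-", match.group(0)).lower()

def names_from_package_json(text):
    """Yield dependency names from every dependency section of package.json."""
    manifest = json.loads(text)
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        yield from (name.lower() for name in manifest.get(section, {}))

def review(names, vetted=frozenset(VETTED)):
    """Map each unvetted name that fits the reported pattern to a reason."""
    findings = {}
    for name in names:
        if name in vetted:
            continue
        close = difflib.get_close_matches(name, sorted(vetted), n=1, cutoff=0.8)
        if close:
            findings[name] = f"resembles vetted package {close[0]}"
        elif name.startswith(REPORTED_PREFIXES):
            findings[name] = "uses a name prefix reported for this campaign"
    return findings

# Constructed manifests for illustration; these names are not indicators from the report.
SAMPLE_REQUIREMENTS = """\
requests==2.31.0
graphlibz>=0.1   # constructed look-alike of graphlib
bigdemo-constructed
"""
SAMPLE_PACKAGE_JSON = '{"dependencies": {"express": "^4.18.0", "graphdemo-constructed": "1.0.0"}}'

def review_samples():
    names = list(names_from_requirements(SAMPLE_REQUIREMENTS))
    names += names_from_package_json(SAMPLE_PACKAGE_JSON)
    return review(names)

if __name__ == "__main__":
    for name, reason in review_samples().items():
        print(f"{name}: {reason}")
```

A prefix match alone is a weak signal, since many legitimate packages start with “graph” or “big”; a finding means the dependency should be inspected before the project is run.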
Via BleepingComputer