North Korean fraudsters target JavaScript and Python developers with fake maintenance tasks, spread malware


  • Lazarus Group evolves its Operation Dream Job campaign to target Web3 developers
  • New “Graphalgo” variant uses malicious dependencies in simple, legitimate projects on PyPI/npm
  • ReversingLabs found around 200 malicious packages spoofing libraries like graphlib, with the aim of stealing cryptocurrency

The notorious Lazarus gang is evolving its Operation Dream Job campaign to target even more software developers and steal even more crypto along the way.

Security researchers at ReversingLabs say they have seen changes in the campaign launched in May 2025, dubbed “Graphalgo”, in which Lazarus takes a simple, legitimate project and adds a malicious dependency that is then used in the attack.
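
A pre-install check for the tactic described above, as an added example that is not from the article or from ReversingLabs: it lists dependencies in a project's requirements.txt or package.json whose names imitate a trusted library. The KNOWN_GOOD set, the sample manifests and the lookalike names in them are constructed assumptions.

```python
import json
import re
from difflib import SequenceMatcher

# Assumption: libraries this team really uses. "graphlib" is the name the article cites.
KNOWN_GOOD = {"graphlib", "networkx", "requests", "express", "lodash"}

# Constructed sample manifests; the lookalike names are invented for this example.
SAMPLE_REQUIREMENTS = "requests==2.31.0\ngraphlib-constructed-sample>=1.0  # pinned\nnetworkx\n"
SAMPLE_PACKAGE_JSON = '{"dependencies": {"express": "^4.18.2", "grahplib": "1.0.0"}}'

def normalize(name):
    """Lowercase and drop '-', '_' and '.', which PyPI treats as equivalent."""
    return re.sub(r"[-_.]+", "", name.lower())

def requirement_names(text):
    """Yield package names from requirements.txt content."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        match = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if match:
            yield match.group(0)

def package_json_names(text):
    """Yield dependency names from package.json content."""
    data = json.loads(text)
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        yield from data.get(section, {})

def lookalikes(names, known=KNOWN_GOOD, threshold=0.8):
    """Return (dependency, imitated_name) pairs that need manual review."""
    hits = []
    for name in names:
        if name.lower() in known:
            continue  # exact match to a trusted name
        bare = normalize(name.split("/")[-1])  # drop an npm @scope/ prefix
        for good in sorted(known):
            target = normalize(good)
            close = SequenceMatcher(None, bare, target).ratio() >= threshold
            if target in bare or close:
                hits.append((name, good))
                break
    return hits

if __name__ == "__main__":
    found = lookalikes(requirement_names(SAMPLE_REQUIREMENTS))
    found += lookalikes(package_json_names(SAMPLE_PACKAGE_JSON))
    for dep, good in found:
        print(f"review before install: {dep!r} resembles {good!r}")
```

A hit is a prompt to inspect the package by hand before installing, not a verdict that it is malicious.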
