Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks

The Lazarus Group, a North Korean threat actor, is using a new JavaScript implant called Marstech1 in targeted attacks against developers. The implant, delivered through a compromised GitHub repository, collects system information and alters settings related to cryptocurrency wallets like MetaMask. This campaign, dubbed Marstech Mayhem, highlights the group’s sophisticated approach to evading detection and underscores the risks of insider threats from North Korean IT workers.
