The “Graphalgo” campaign represents a modular software supply-chain intrusion targeting developers directly.

Per ReversingLabs findings:
• 192 malicious npm/PyPI packages
• Delayed payload activation (post-version change)
• GitHub repos clean — malicious logic introduced via dependency chain
• RAT variants in JS, Python, VBS
• MetaMask wallet targeting
• Token-protected C2 channels
• GMT+9 commit indicators

Attribution aligns with historical tradecraft associated with Lazarus Group:
• Crypto-focused targeting
• Recruitment vector infection
• Patience-based staged activation

This is a direct developer-layer attack bypassing enterprise perimeter defenses.

Source: https://www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/

Are dependency registries the new primary attack surface?

Engage below.
Follow @technadu for advanced threat analysis.

#ThreatIntel #SupplyChainSecurity #MalwareAnalysis #RAT #OpenSourceSecurity #DevSecOps #LazarusGroup #PackageSecurity #AppSec #BlueTeam #CyberThreats #IoC #Infosec