Lazarus Group Plant Malware in Popular Open Source Tools
A North Korean hacker group called Lazarus Group is back in action—and their latest trick is spreading harmful software by disguising it as trusted developer tools. These fake tools look like open source software, which is usually free and safe to use, especially for building websites, apps, and digital services. But hidden inside these fake tools is dangerous malware.
A cybersecurity company recently revealed that Lazarus Group has created 234 malware-filled software packages just in the first six months of 2025. Hackers are sharing these dangerous files through places where developers usually download code, making them hard to detect.
Lazarus is known for several high-profile cyberattacks. These include the Sony Pictures hack in 2014, a bank attack in Bangladesh in 2016, and the WannaCry ransomware attack in 2017 that affected computers around the world. In recent years, the group has focused more on stealing cryptocurrency and now seems to be targeting software developers directly.
The goal? Hackers trick developers into downloading these malware-laden tools, which then secretly give them access to sensitive systems, allow them to steal information, or spy on organizations for a long time without being noticed.
New Tactics Aim at Long-Term Spying
Experts say the Lazarus Group is no longer just trying to cause damage. Instead, they are working on long-term spying missions. They do this by creating malware that hides deep in computer systems and stays there for as long as possible. The group is now using smart tricks like modular payloads (malware that comes in small parts) and advanced techniques to avoid being caught.
This method allows them to quietly stay inside company systems, collect information, and possibly steal money or secrets. Developers, especially those using open source software, are now at high risk if they don’t double-check their downloads.
🌐 Teen Hacker’s $37M Crypto Crime Spree Exposed: Inside the SIM Swap That Shook the Blockchain
Open source software is popular because anyone can see its code and use it. But Lazarus is taking advantage of this openness. Their fake tools look exactly like trusted ones, making it easy to fool even experienced developers. This is a serious threat to companies, governments, and regular users who rely on software built using open source tools.
In contrast to such attacks, companies like Microsoft are taking steps to strengthen digital defenses. Microsoft recently increased its bug bounty rewards, offering up to $40,000 for major security flaws found in .NET and ASP.NET Core platforms. It also improved monitoring in Microsoft Teams to help detect suspicious activity.
Why This Is a Major Concern for Everyone
You might think this only affects coders or tech companies—but that’s not true. Developers often build the software we use every day—like banking apps, hospital systems, and online games—using open source tools. If hackers secretly fill those tools with malware, they put millions of people at risk.
Cyber experts are urging developers and tech teams to check every download and update carefully. If a fake tool is used while building an app, the malware can quietly spread to every user who installs that app.
This is one of the biggest software supply chain threats seen in recent times. A supply chain threat means the hackers attack early in the software-building process. Instead of breaking into a system from the outside, they sneak in through the tools used to build the software itself.
As Lazarus Group continues to grow more advanced and sneaky, it’s clear that no one can afford to ignore this issue. Companies and developers must stay alert, and users should keep their apps updated and only download from trusted sources.
The Lazarus Group has once again shown how far they’re willing to go to cause harm and steal data. Their latest plan of using fake open source software is not only clever—it’s also extremely dangerous for everyone.
