
Watching Lazarus Debug Malware on NPMjs
Cybersecurity, Malware, APT, Exploits
The post describes a real-time observation of the Lazarus group (a North Korean APT) attempting to debug an exploit on NPMjs. The authors monitored a malicious package uploaded to NPMjs that initially appeared unsuspicious but contained obfuscated malicious code hidden behind a long run of spaces. The Lazarus group tried to fix the exploit by uploading new versions of the package, but the attempts failed because the 'axios' dependency was absent. The malicious payload aimed to steal session tokens, browser data, crypto wallets and macOS keychains, and to install backdoors on the machine.