The Socket research team has discovered that the North Korean hacker group Lazarus is associated with six malicious npm packages, attempting to deploy backdoors to steal user credentials and encrypted wallet data, particularly targeting Solana and Exodus wallets. The attack targets include Google Chrome, Brave, Firefox browser files, and macOS keychain data, mainly affecting developers who unknowingly install these software packages. The six malicious software packages are is buffer validator yoojae-validator、event-handle-package、array-empty-validator、react-event-dependency With auth validator, attackers use domain registration and spelling errors to trick developers into installing, and five packages are also disguised as GitHub open source projects, increasing the risk of infection. Currently, these malicious software packages have been downloaded over 330 times. （Decrypt） https://www. (wublock123.com)/index.php? m=content&c=index&a=show&catid=6&id=39367