Lazarus Group Using Git Hooks To Hide Malware
ID: 6e8996c7-2d66-587f-b63e-7d8751092622
STIX ID: report--6e8996c7-2d66-587f-b63e-7d8751092622
Feed Name: OpenSourceMalware Blog
Date Published: 2026-05-06
Date Updated: 2026-06-20
Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2
OpenSourceMalware discovered a Lazarus Group campaign (Contagious Interview / TaskJacker) that hides a stage‑2 loader in Git hooks (.githooks/pre-commit and post-checkout) to silently fetch platform-specific payloads from precommit.vercel.app, delivering InvisibleFerret/Beavertail implants for crypto wallet and credential theft; the report includes C2 URLs, a git blob SHA, and a GitHub hunt query to locate similar malicious repos.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
