Graphalgo fake recruiter campaign returns
ID: 6874a359-49a5-50ea-9367-f37f0c3a0097
STIX ID: report--6874a359-49a5-50ea-9367-f37f0c3a0097
Feed Name: ReversingLabs Blog
ReversingLabs researchers detail the 'graphalgo' campaign, which uses fake job interviews and spoofed crypto companies to trick developers into running setup scripts that fetch malicious dependencies from typo-squatted GitHub release artifacts; the payload is a multi-stage downloader that ends in a RAT. The report describes novel TTPs (moving malicious dependencies into package-lock.json, hosting malicious artifacts as GitHub releases, rewriting git history to fabricate contributor trust, and blockchain-based infection signaling), provides IOCs (e.g. huvaret.art and an Ethereum contract/address), and links the activity to North Korean state-sponsored actors.
