
Fake recruiter campaign targets crypto devs

ID: b8d0993f-9f8b-57b4-b83d-ef3b5f38a33e

STIX ID: report--b8d0993f-9f8b-57b4-b83d-ef3b5f38a33e

Feed Name: ReversingLabs Blog

Threat Score
90/100

Date Published: 2026-02-11

Date Updated: 2026-04-29

Author: Karlo Zanki


ReversingLabs describes the graphalgo supply-chain campaign, attributed to North Korea's Lazarus Group, that lures JavaScript and Python developers with fake recruiter job tasks and malicious GitHub/npm/PyPI dependencies. The campaign uses modular fake companies and repositories to distribute downloader packages, which fetch a token-protected RAT (with Metamask checks) from C2 infrastructure (e.g., codepool.cloud). It has amassed substantial downloads (e.g., bigmathutils >10K) and includes multiple IoCs and cross-language payloads, indicating a high-sophistication, ongoing APT operation.
