Graphalgo: the campaign that uses job offers and malicious packages in npm and PyPI to steal crypt

Published · 5 min read · 345 reads

Cybersecurity researchers have raised the alarm about a coordinated campaign that is using public package repositories, npm and PyPI, as a vector to target developers and job candidates in the crypto sector. The operation, tracked under the code name Graphalgo, uses a tactic that combines social engineering with supply-chain poisoning: job offers, profiles and apparently legitimate technical-assessment repositories are created so that applicants end up running projects that depend on malicious packages hosted in the public registries.

According to the analysis published by ReversingLabs, the campaign started around May 2025 and is linked to an actor with ties to North Korea known as Lazarus Group. The attackers stage all the choreography needed to appear credible: they create fictitious companies focused on blockchain and cryptocurrency trading, register domains, run organizations on GitHub and publish supposed technical exercises. In many cases they contact candidates via LinkedIn or through Facebook and Reddit groups to draw them into the selection process. You can read the ReversingLabs report here: ReversingLabs - Fake recruiter campaign.


The trick is at the point where the candidate clones and runs the evaluation repository: these projects do not contain obvious malicious code, but they depend on packages published in npm or PyPI that do. When the developer installs the dependencies, they pull in a Remote Access Trojan (RAT) that registers itself with a command-and-control (C2) server. The deployed malware can collect system information, list files, manage processes, move and exfiltrate files, and even check for the presence of wallet extensions such as MetaMask, a clue that the ultimate goal includes the theft of cryptocurrency-related assets and credentials.

A striking technical aspect of this RAT is its communication mechanism with the C2: it first sends system data as part of a registration step and receives a token in return. This token protects subsequent requests so that only registered and authorized clients can exchange commands. ReversingLabs points out that this tokenization technique is not common in malicious packages uploaded to public repositories and matches tactics observed in previous campaigns attributed to North Korean groups, such as the family known as Jade Sleet / UNC4899.

It is not an isolated phenomenon within the npm ecosystem. JFrog described another sophisticated threat in a package called "dori-js" that contains an info-stealer known as Bada Stealer. This malware is able to extract Discord tokens, credentials, cookies and autofill data from Chromium-based browsers, as well as cryptocurrency information, and exfiltrate that data through a Discord webhook and storage on third-party services. In addition, the package's secondary payload is injected so that it persists at startup of the Discord desktop application, taking advantage of the Electron environment, according to JFrog's analysis: JFrog Research - dori-js.

In parallel, a different campaign was detected that abuses the installation flow itself to extort: named XPACK ATTACK by OpenSourceMalware, this technique blocks the installation by making the developer believe they have hit a legitimate paywall, using the HTTP 402 ("Payment Required") status code as a pretext. The installation is interrupted until the victim pays a small sum in cryptocurrency; if they do not pay, the process simply fails after consuming valuable developer minutes, all while the attacker collects device fingerprints and GitHub usernames. More technical information on this campaign is available in the OpenSourceMalware report and in the explanation of the 402 code on MDN: OpenSource and MDN - HTTP 402.


These incidents are a reminder that development security is no longer limited to one's own code: third-party dependencies and recruitment workflows can be direct vectors for complex, targeted intrusions. When the target is a professional in the crypto ecosystem, the attacker's interest often goes beyond technical espionage and is also aimed at direct profit through the theft of credentials and funds. The researchers highlight the modularity and patience of these actors: they build trust for weeks or months, use multiple fronts and encrypt their components to make analysis difficult.

What can developers and security teams do? Maintain a critical attitude toward newly published repositories and packages, especially when they appear in the context of technical tests or selection processes. Dependency analysis tools, package signatures, version pinning through lock files, running in isolated environments (virtual machines, containers or sandboxes) and maintainer review are practices that reduce the risk of running malicious code. It is also useful to integrate automated dependency scanning into the CI/CD pipeline and to understand the security capabilities offered by the registries themselves; PyPI and npm have documentation and security mechanisms worth knowing: PyPI - Security and npm - Docs. GitHub, for its part, has developed guides and tools to protect the software supply chain: GitHub - Supply Chain Security.
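As an added illustration (not code from the ReversingLabs or JFrog analyses), the following Python script triages a take-home repository's package.json offline, before any install, flagging the features the campaign relies on: dependencies you have not vetted, install-time lifecycle scripts, non-registry dependency sources and unpinned versions without a lockfile. The sample manifest, the package names and the allow-list are constructed for this example.

```python
"""Offline triage of a 'technical assessment' npm project before installing it."""
import json

# Constructed sample: a fake take-home repo with a suspicious dependency set.
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "trading-bot-assessment",
    "version": "1.0.0",
    "scripts": {"test": "node test.js", "postinstall": "node scripts/setup.js"},
    "dependencies": {
        "express": "4.18.2",
        "graph-utils-helper": "^0.1.3",  # hypothetical, unvetted package name
        "internal-sdk": "git+https://example.invalid/repo.git",
    },
})

# npm runs these hooks automatically during install unless --ignore-scripts is used.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")
NON_REGISTRY_PREFIXES = ("git+", "git://", "http://", "https://", "file:", "github:")


def audit_package_json(text, known_good=frozenset(), has_lockfile=False):
    """Return a list of (severity, finding) tuples for one package.json."""
    pkg = json.loads(text)
    findings = []
    for hook in LIFECYCLE_HOOKS:
        cmd = pkg.get("scripts", {}).get(hook)
        if cmd:
            findings.append(("high", f"lifecycle script '{hook}' runs on install: {cmd}"))
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in pkg.get(section, {}).items():
            if spec.startswith(NON_REGISTRY_PREFIXES):
                findings.append(("high", f"{name} pulled from non-registry source: {spec}"))
            if name not in known_good:  # allow-list is an assumption of this example
                findings.append(("medium", f"{name}@{spec} is not on the vetted allow-list"))
            if not has_lockfile and (spec[:1] in ("^", "~", "*") or spec == "latest"):
                findings.append(("low", f"{name}@{spec} is unpinned and no lockfile is present"))
    if not has_lockfile:
        findings.append(("medium", "no package-lock.json: 'npm ci' cannot enforce pinned versions"))
    return findings


def is_safe_to_install(findings):
    """Proceed (only in a throwaway VM/container, with --ignore-scripts) if nothing is high."""
    return not any(sev == "high" for sev, _ in findings)


if __name__ == "__main__":
    results = audit_package_json(SAMPLE_PACKAGE_JSON, known_good={"express"})
    for sev, msg in results:
        print(f"[{sev}] {msg}")
    print("proceed:", is_safe_to_install(results))
```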

The broader lesson is institutional: the open source community and package platforms must keep improving controls to detect and block actors trying to abuse the ecosystem. At the same time, legitimate companies and recruiters need to adopt practices for verifying identities and selection processes, so that candidates and developers do not end up running untrusted artifacts on their personal machines or in production environments. Meanwhile, prudence and strict separation between working and test environments will remain the first line of defense against campaigns that combine social engineering with increasingly sophisticated malware.
