Lazarus "graphalgo" fake-recruiter campaign (npm + PyPI)
ReversingLabs attributed an ongoing fake-recruiter campaign (active since May 2025, reported Feb 2026) to North Korea's Lazarus Group (overlapping Jade Sleet / UNC4899). Crypto, JavaScript, and Python developers are lured via LinkedIn/Reddit/Facebook into interview "coding tasks" that pull a token-protected RAT loader from npm and PyPI. ~192 malicious packages attributed in total; bigmathutils alone passed 10,000 downloads.
- Threat actor
- Lazarus Group (Jade Sleet / UNC4899)
- Detected by
- ReversingLabs
- Also known as
- Contagious Interview · Famous Chollima · fake recruiter campaign
- Ecosystems
- npmPyPI
- Packages tracked
- 30
What happened
ReversingLabs published this attribution write-up on February 11, 2026, covering activity that had been running since at least May 2025. The cluster overlaps with what other vendors call Jade Sleet, UNC4899, and the Contagious Interview / Famous Chollima subsets of North Korea's broader Lazarus Group.
The social-engineering vector is the consistent thread: targets — typically crypto, Web3, JavaScript, or Python developers — are approached on LinkedIn, Reddit, or Facebook with a recruiter pitch. The "interview" includes a coding task hosted in a public repo. That repo pulls a private npm or PyPI dependency that the attacker controls, and the dependency carries a token-protected RAT loader. The token gate is the giveaway: it means casual npm install outside the live interview window resolves a clean package, so casual third-party inspection misses it.
ReversingLabs catalogued roughly 192 malicious packages across npm and PyPI in this cluster. bigmathutils alone passed 10,000 downloads — uncharacteristically high for a Contagious Interview package, suggesting it caught accidental installs from name-overlap with legitimate utilities. Most other packages stayed in the low double or triple digits, consistent with targeted delivery.
The stealer toolkit enumerates browser-wallet extensions (MetaMask, Phantom, etc.), exfiltrates seed material and credentials, and establishes a foothold for follow-on hands-on-keyboard work. Treat any unsolicited "coding task" repo as malware delivery and run installs in disposable sandboxes.
Affected packages (30)
- npm
bigmathex - npm
bigmathix - npm
bigmathlib - npm
bigmathutils1.0.01.1.0 - npm
bignumberx - npm
bignumex - npm
bignumx - PyPI
bigpyx - npm
graphalgo2.2.5-pre2.2.62.2.72.2.82.2.92.2.102.2.11 - PyPI
graphalgo-py3.5.1rc0.dev03.5.23.5.33.5.53.5.6 - npm
graphchain - PyPI
graphdict - PyPI
graphex3.5.73.5.83.5.93.5.10 - npm
graphflowx - npm
graphflux - npm
graphhub - npm
graphkitx - npm
graphlibcore2.2.62.2.72.2.82.2.92.2.102.2.11 - PyPI
graphlibx - npm
graphnet - npm
graphnetworkx2.1.62.1.72.1.82.1.92.1.102.1.11 - PyPI
graphnode - npm
graphorbit - npm
graphorithm2.2.62.2.72.2.82.2.9 - npm
graphrix - npm
graphstruct2.2.62.2.72.2.8 - PyPI
graphsync - npm
netstruct2.1.62.1.8 - npm
terminal-kleur - npm
terminalcolor2562.0.22.0.32.1.02.2.02.2.6
Impact
- MetaMask and other browser-wallet enumeration plus credential theft
- Token-protected C2 enables targeted post-exploitation
- Persistent foothold via interview tasks disguised as coding challenges
What to do
- 1Audit dependency trees for any package name in the
graph*orbig*math/num*families - 2Treat unsolicited interview-task repos as malware delivery vehicles
- 3Run installs in disposable sandboxes when evaluating third-party challenges