Lazarus Group concealed a four-module remote access toolkit inside six fake npm Rollup polyfill packages that fired at import ...
All payloads use api: "every", meaning they are available to every customer, not restricted by API key. The earliest payload dates to November 2024, proving the operation has been actively maintained ...