Key Findings North Korea-linked Lazarus Group registered legitimate US LLC to distribute malware targeting blockchain developers Hackers created fake company "Blocmerce" in Florida with fabricated CEO and official state filings using real residential addresses GraphAlgo campaign evolved from npm package distribution to hiding malware in GitHub release artifacts Remote Access Trojan (RAT) deployed after developers run test tasks, giving attackers full machine control Campaign
