North Korean XORIndex malware hidden in 67 malicious npm packages www.bleepingcomputer.com/news/secu…

North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online repository to deliver a new malware loader called XORIndex to developer systems.

The packages collectively count more than 17,000 downloads and were discovered by researchers at package security platform Socket, who assess them to be part of the continued Contagious Interview operation.

Socket researchers say that the campaign follows threat activity detected since April. Last month, the same actor infiltrated npm with 35 packages that dropped information stealers and backdoors onto developers’ devices.