North Korea Floods npm Registry with Malware - GovInfoSecurity

North Korean threat actors uploaded 67 new malicious packages to the npm Registry, targeting open-source JavaScript developers. The malware, part of the Contagious Interview campaign, uses loaders like XORIndex and HexEval to collect host telemetry and execute JavaScript payloads, ultimately deploying a backdoor. The campaign, which began in April 2025, demonstrates an ongoing refinement of tools and persistence in targeting the open-source supply chain.