PolinRider: DPRK Threat Actor Implants Malware in Hundreds of GitHub Repos | OpenSource Malware Blog

A North Korean threat actor known as PolinRider has compromised hundreds of public GitHub repositories by implanting malware that steals credentials and cryptocurrency. The malware, a variant of the DPRK's BeaverTail, is spread through compromised npm packages and malicious VS Code extensions, impacting supply chains and extending its reach to users and contributors of affected open-source projects.

Edward Kiledjian @ekiledjian