North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors linked to North Korea are distributing malicious npm packages that masquerade as Rollup polyfill tools to steal developer secrets and facilitate remote access. These packages employ a layered, multi-stage structure to evade detection and exfiltrate sensitive credentials and cloud keys from developer workstations.

Edward Kiledjian @ekiledjian