North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

thehackernews

North Korea-linked actors tied to the Contagious Interview campaign have published 108 malicious npm, Composer, Go and Chrome extension packages under the PolinRider activity cluster. The campaign targets developers and crypto-sector workers, uses compromised or manipulated repositories, hides JavaScript loaders in legitimate-looking projects, and can deliver DEV#POPPER RAT and OmniStealer. The main takeaway is that repository history and package appearance can no longer be treated as reliable trust signals.

Edward Kiledjian @ekiledjian