North Korea-linked actors tied to the Contagious Interview campaign have published 108 malicious npm, Composer and Go packages and Chrome extensions under the PolinRider activity cluster. The campaign targets developers and crypto-sector workers, uses compromised or manipulated repositories, hides JavaScript loaders in legitimate-looking projects, and can deliver DEV#POPPER RAT and OmniStealer. The main takeaway is that repository history and package appearance can no longer be treated as reliable trust signals.
North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
Edward Kiledjian
@ekiledjian