- North Korean Hackers uploaded over 300 malicious code packages to the public JavaScript library npm.
- The attack targeted developers in the Web3 and crypto sectors, aiming to steal passwords and digital wallet keys.
- Malicious packages were downloaded about 50,000 times before most were removed.
- Attackers posed as fake tech recruiters to entice victims, using tactics seen in prior state-backed cyber operations.
- Security experts warn that supply-chain attacks like this are a growing threat to the software development community.
A Cybersecurity firm reported that North Korean hackers deployed more than 300 malicious code packages onto the npm registry, a tool used widely to share JavaScript software. The attack, discovered by Socket, was called the “Contagious Interview” campaign and appears to have targeted developers in the blockchain and cryptocurrency industries.
According to the cybersecurity researchers, the malicious packages installed software designed to steal login credentials, browser data, and cryptocurrency wallet keys. These packages were downloaded about 50,000 times before most were removed, though some remain available. Attackers made the code look legitimate, often using similar names to trusted software libraries.
The campaign used encrypted scripts that ran secretly in computer memory, making detection difficult. Socket linked the effort to North Korean state-sponsored hackers based on the technical patterns and tactics used, including impersonating recruiters through fake LinkedIn accounts. Security experts warn that this type of software supply-chain attack enables malicious code to be added to many apps through standard updates and shared code.
The npm platform, owned by GitHub, said it removes harmful packages when found and is improving identity checks for users. However, security researchers described the ongoing challenge as “whack-a-mole: take down one set of malicious packages, and hundreds more soon take their place.”
Previous cases from agencies like the U.S. Cybersecurity and Infrastructure Security Agency show that North Korea has stolen billions of dollars in digital assets using similar methods. Experts stress that open-source software’s accessibility, while a strength, exposes projects to these risks. Developers are advised to treat every software installation as a potential threat and to check dependencies with automated security tools. More information about npm can be found here.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Walmart Stock Hits ATH After OpenAI Deal, Eyes $125 Target
- GitHub Suspension Sparks Concerns Over Microsoft’s Bitcoin Power
- Gold Surges to Record $4,200 as Safe-Haven Demand Soars Globally
- Shiba Inu Price: Can SHIB Ever Reach $1 Amid Massive Supply?
- ZachXBT Unmasks Railgun Withdrawals Linked to $28M Bittensor Hack
