
North Korean PolinRider Hackers Publish 108 Malicious Packages

North Korean PolinRider supply-chain attack expands, steals crypto via infected developer tools.

  • North Korean-linked threat actors, known as Contagious Interview, have expanded their PolinRider supply-chain campaign to 108 malicious packages and browser extensions.
  • The campaign actively compromises developer accounts and modifies public GitHub repositories, using sophisticated techniques like Git history rewriting to conceal malicious code.
  • The campaign targets the cryptocurrency sector and ultimately delivers information-stealing malware such as DEV#POPPER RAT and OmniStealer.
  • Security researchers recommend users treat any environment with these packages as fully compromised and rotate all exposed credentials immediately.

A North Korean-aligned hacking group has significantly expanded a persistent software supply-chain attack, deploying 162 malicious release artifacts across popular developer platforms. Security firm Socket reported this ongoing activity, dubbed PolinRider, now includes 19 npm libraries, 10 Composer packages, 61 Go modules, and a Chrome extension. The campaign has also compromised nearly 2,000 public GitHub repositories, according to OpenSourceMalware data.

The threat actors masquerade as recruiters on platforms like LinkedIn, using elaborate front companies to target cryptocurrency professionals. Their method, known as Contagious Interview, tricks developers into executing malicious code through fake job interviews. However, they have now shifted to directly compromising developer accounts and repositories.

Once a system is infected, the malware modifies key project configuration files to append malicious JavaScript code. It also uses stealthy scripts to rewrite Git commit history, making changes appear old and legitimate. “The core tradecraft remains consistent across the campaign: threat actors plant obfuscated JavaScript loaders in legitimate repositories, conceal the code through whitespace padding or fake .woff2 font files, and trigger execution through developer tooling such as VS Code task files,” Socket said.

The final payload acts as a loader that fetches encrypted malware from blockchain networks. This second-stage payload unpacks to information-stealers like DEV#POPPER RAT and OmniStealer. Users who have installed these packages should therefore treat their environment as fully compromised. Security experts advise rotating all exposed secrets from a clean machine and auditing repositories for suspicious changes.
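
As a starting point for the repository audit recommended above, the following added example (not from Socket or the original article) checks a checkout for the three concealment and trigger patterns Socket describes: `.woff2` files that lack the WOFF2 font signature, content pushed off-screen by whitespace padding, and VS Code tasks set to run when a folder is opened. The 200-character padding threshold, the list of file extensions, and the sample repository built by `demo()` are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

WOFF2_MAGIC = b"wOF2"  # signature at offset 0 of every genuine WOFF2 file
PAD_RE = re.compile(r"[ \t]{200,}\S")  # assumed threshold: text pushed far off-screen
AUTORUN_RE = re.compile(r'"runOn"\s*:\s*"folderOpen"')  # VS Code task auto-run setting
TEXT_SUFFIXES = {".js", ".cjs", ".mjs", ".ts", ".json"}  # assumed set of files to scan

def audit_repo(root):
    """Return sorted (relative_path, reason) findings for one checkout."""
    findings = []
    root = Path(root)
    for path in root.rglob("*"):
        if not path.is_file() or ".git" in path.relative_to(root).parts:
            continue
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() == ".woff2":
            with path.open("rb") as fh:
                if fh.read(4) != WOFF2_MAGIC:
                    findings.append((rel, "woff2 without font signature"))
        elif path.suffix.lower() in TEXT_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            if PAD_RE.search(text):
                findings.append((rel, "content hidden behind whitespace padding"))
            if rel.endswith(".vscode/tasks.json") and AUTORUN_RE.search(text):
                findings.append((rel, "task runs automatically on folder open"))
    return sorted(findings)

def demo():
    """Build a constructed sample repository and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        repo = Path(tmp)
        (repo / ".vscode").mkdir()
        (repo / "fonts").mkdir()
        (repo / ".vscode" / "tasks.json").write_text(
            '{"version": "2.0.0", "tasks": [{"label": "build", "type": "shell",'
            ' "command": "node build.js", "runOptions": {"runOn": "folderOpen"}}]}')
        (repo / "fonts" / "good.woff2").write_bytes(b"wOF2" + bytes(44))
        (repo / "fonts" / "fake.woff2").write_bytes(b"/* constructed, not a font */")
        (repo / "app.config.js").write_text(
            "module.exports = {};" + " " * 400 + "/* constructed placeholder */\n")
        (repo / "index.js").write_text("console.log('clean');\n")
        return audit_repo(repo)

if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

A finding is a prompt for manual review, not proof of compromise: legitimate projects also use auto-run tasks, and an empty result does not clear a repository whose Git history may have been rewritten.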
