North Korean hackers linked to the Contagious Interview campaign have published 108 malicious packages and extensions across various platforms, including npm and Google Chrome. This ongoing threat poses significant risks to software developers and individuals in cryptocurrency sectors through compromised repositories and fake recruitment efforts.
The PolinRider campaign, attributed to North Korean threat actors, has seen the emergence of 108 unique malicious packages and browser extensions. These artifacts are spread across platforms such as npm, Packagist, Google Chrome, and Go, raising concerns over the security of software developers and cryptocurrency professionals.
The 162 malicious release artifacts include 19 npm libraries, 10 Composer packages, and 61 Go modules, among others. Researchers indicate this ongoing activity is likely to persist as attackers continue to exploit maintainer accounts and infect legitimate repositories with compromised versions of software.
The Contagious Interview campaign employs deceptive job recruitment strategies to trick individuals into running malware. Attackers pose as recruiters on platforms like LinkedIn and GitHub, utilizing fake companies and AI-generated profiles to establish credibility and execute malicious code.
As part of their efforts, the attackers have compromised 1,951 public GitHub repositories linked with 1,047 unique owners. Their approach involves integrating malicious code, such as obfuscated JavaScript payloads, into public repositories, further complicating detection and mitigation efforts.
The North Korean hackers are believed to gain access to maintainer accounts through methods like expired domain takeover, rather than using stolen GitHub credentials. Victims are primarily compromised via malicious VS Code extensions or npm packages, highlighting vulnerabilities in software development tools.
This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors; check the original sources.