Skip to content
The Nexus
SECURITYJul 3 · 16:07 UTCTHE HACKER NEWS[email protected] (The Hacker News)

North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors linked to North Korea have created malicious npm packages named 'rollup-packages-polyfill-core' and 'rollup-runtime-polyfill-core' that mimic the legitimate 'rollup-plugin-polyfill-node' project to steal developer secrets. JFrog identified these packages as part of a scheme to facilitate remote access and data theft.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting