SECURITYTHE HACKER NEWS
North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Threat actors linked to North Korea have created malicious npm packages named 'rollup-packages-polyfill-core' and 'rollup-runtime-polyfill-core' that mimic the legitimate 'rollup-plugin-polyfill-node' project to steal developer secrets. JFrog identified these packages as part of a scheme to facilitate remote access and data theft.
Mentioned
Related Signal
Adjacent reporting
- Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
- IronWorm and New Miasma Worm Variant Hit npm in Supply Chain Attacks
- Bitwarden CLI npm package compromised to steal developer credentials
- Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
- Cache-poisoning caper turns TanStack npm packages toxic
- Shai Hulud attack ships signed malicious TanStack, Mistral npm packages