Phylum has identified a fresh offensive by suspected North Korean hacking groups targeting the open-source software community with malicious packages uploaded to the npm repository.
These attacks are characterised by multi-stage obfuscated JavaScript that downloads additional malware components from remote servers, including Python scripts that scour infected machines for cryptocurrency wallets.
The campaign began on 12th August and employs distinct publication patterns and attack types, indicating a coordinated effort by multiple groups.
Phylum highlights three distinct attack vectors in this campaign, linking some to North Korean operations, including the 'Contagious Interview' campaign observed earlier this year.
[
Collection
]
[
|
...
]