"North Korean Hackers Launch New Wave of npm Package Attacks"

Researchers at Phylum have discovered a coordinated campaign involving North Korea-linked threat groups targeting the npm ecosystem. The campaign started on August 12, 2024, with the publication of malicious npm packages aimed at infiltrating developer environments and stealing sensitive data. The packages use sophisticated tactics like multi-stage obfuscated JavaScript to download additional malware from remote servers. The malware contains Python scripts and a full Python interpreter that look for data in cryptocurrency wallet browser extensions. This article continues to discuss the new coordinated campaign targeting the npm ecosystem.

Infosecurity Magazine reports "North Korean Hackers Launch New Wave of npm Package Attacks"

Submitted by grigby1