Over a dozen new malicious packages have been published across the npm, PyPI, Go Modules, crates.io, and Packagist ecosystems to facilitate malware compromise as part of the growing North KoreanContagious Interviewcampaign, which has been driven by over 1,700 illicit packages since its emergence in January 2025, according toThe Hacker News.Installation of the malware-loading packages facilitates the retrieval of an information-stealing and remote access trojan payload that targets browser, password manager, and cryptocurrency wallet data, a report from Socket security researchers showed. Additional findings showed a Windows malware variant that enabled shell command execution, keystroke logging, AnyDesk installation, and further module downloads.”That makes this cluster notable not just for its cross-ecosystem reach, but for the depth of post-compromise functionality embedded in at least part of the campaign,” said Socket researcher Kirill Boychenko. Such a report comes as North Korean threat group UNC1069, which was most recently linked to the axios supply chain hack, was noted by Security Alliance researchers to have been launching multi-week social engineering operations in Telegram, Slack, and LinkedIn to enable the distribution of cross-platform payloads.
More
Popular articles
Featured
Newsletter
Subscribe to get the latest news, offers and special announcements.