North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
North Korean threat actors tied to the Contagious Interview campaign have published 108 malicious packages and browser extensions across npm, Packagist, Go, and Google Chrome as part of the ongoing PolinRider activity. The campaign uses compromised maintainer accounts, malicious VS Code tasks, and hidden JavaScript loaders to spread BeaverTail variants and payloads such as DEV#POPPER RAT and OmniStealer. #ContagiousInterview #PolinRider #BeaverTail #DEVPOPPERRAT #OmniStealer #TaskJacker

Keypoints

  • PolinRider has spread 108 unique malicious packages and extensions across multiple ecosystems.
  • The campaign targets software developers and cryptocurrency workers through fake job interviews.
  • Attackers abuse compromised maintainer accounts and legitimate repositories to publish infected releases.
  • Malicious VS Code tasks and obfuscated JavaScript loaders trigger code execution on developer systems.
  • The payload chain can deliver DEV#POPPER RAT and OmniStealer after contacting blockchain infrastructure.

Read More: https://thehackernews.com/2026/07/north-korean-hackers-publish-108.html