A new North Korea-led campaign exploits malicious npm packages to infect developers’ devices with infostealers and backdoors. This ongoing operation involves sophisticated social engineering tactics and multiple payloads targeting software engineers. #NorthKorea #npm #Infostealers #Backdoors #CyberEspionage
Key points
- North Korean operatives are using fake LinkedIn recruiter profiles to target developers.
- The campaign distributes 35 malicious npm packages mimicking legitimate libraries.
- The infection chain begins with the HexEval Loader, which then delivers the BeaverTail and InvisibleFerret payloads.
- The malicious packages are used to steal browser data, remotely control compromised systems, and install keyloggers.
- Developers should run unknown code in isolated environments to prevent infections.