North Korean threat actors are conducting a persistent campaign targeting blockchain and Web3 developers by deploying malware through fake coding tests and job interviews. This sophisticated operation involves nearly 200 malicious npm packages, a complex multi-layered infrastructure, and an evolving approach to bypass security measures. #NorthKorea #npmMalware
Key points
- North Korean hackers are targeting blockchain developers via fake coding tests and job offers.
- The campaign, named “Contagious Interview,” has added almost 200 malicious npm packages, which together have accumulated over 31,000 downloads.
- Malicious packages like tailwind-magic hide backdoor code within legitimate-looking repositories hosted on GitHub.
- The delivered malware, OtterCookie, supports keylogging, clipboard theft, and credential harvesting.
- The attack infrastructure uses a multi-layered delivery chain to evade detection and maintain persistence on compromised systems.