Researchers uncovered UNK_DeadDrop, a North Korea-linked phishing campaign using recruitment and code-review lures on GitHub to push malicious VS Code projects and Overlord malware against developers across nearly 100 organizations. Separately, malicious VS Code extensions and multiple npm/GitHub supply-chain campaigns were found delivering backdoors and stealers that target credentials, wallets, and developer systems. #ContagiousInterview #UNK_DeadDrop #Overlord #VoidDokkaebi #BeaverTail #InvisibleFerret #OtterCookie #TaskJacker #BlueNoroff #CabbageRAT #MachOMan #PromptMink #ClipViper #DreamJob
Keypoints
- UNK_DeadDrop used recruitment-themed phishing emails to lure developers into malicious GitHub repositories.
- VS Code's runOn: folderOpen feature was abused to execute malware without user interaction.
- The campaign deployed Overlord and malicious extensions to steal wallet data, credentials, and files.
- Yeeth Security found trojanized VS Code extensions that used SharePoint and Microsoft Graph API for C2.
- Multiple npm and GitHub supply-chain attacks also spread BeaverTail, OtterCookie, and other credential-stealing payloads.
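
A defensive check for the runOn: folderOpen abuse noted in the key points, added here as an example and not taken from the researchers or the original report: it lists the tasks in a cloned repository's `.vscode/tasks.json` files that would start automatically when the folder is opened. The function names and the sample file are constructed for illustration.

```python
import json
import re
import sys
from pathlib import Path

_STRING = r'"(?:\\.|[^"\\])*"'

def _drop(pattern, text):
    # String literals are matched first and kept, so "//" inside a command survives.
    keep_strings = lambda m: m.group(0) if m.group(0)[0] == '"' else ""
    return re.sub(_STRING + "|" + pattern, keep_strings, text, flags=re.S)

def strip_jsonc(text):
    """tasks.json is JSON with comments: remove comments, then trailing commas."""
    return _drop(r",(?=\s*[}\]])", _drop(r"//[^\n]*|/\*.*?\*/", text))

def auto_run_tasks(tasks_json_text):
    """Return (label, commands) for each task set to run when the folder is opened."""
    hits = []
    for task in json.loads(strip_jsonc(tasks_json_text)).get("tasks", []):
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            # Per-OS blocks may override the command, so collect those too.
            scopes = [task] + [task.get(k, {}) for k in ("windows", "linux", "osx")]
            hits.append((task.get("label", "?"), [s["command"] for s in scopes if "command" in s]))
    return hits

def scan_checkout(root):
    """Check every .vscode/tasks.json under a clone before the folder is opened in VS Code."""
    findings = {}
    for path in Path(root).rglob(".vscode/tasks.json"):
        try:
            hits = auto_run_tasks(path.read_text(encoding="utf-8", errors="replace"))
        except (ValueError, AttributeError, TypeError):
            hits = [("unparseable, review by hand", [])]
        if hits:
            findings[str(path)] = hits
    return findings

SAMPLE = """{
  "version": "2.0.0", // constructed sample, not a file from the campaign
  "tasks": [
    {"label": "build", "type": "shell", "command": "echo http://localhost:3000"},
    {"label": "env-setup", "type": "shell", "command": "node ./scripts/setup.js",
     "runOptions": {"runOn": "folderOpen"}, /* auto-run */ },
  ]
}"""

if __name__ == "__main__":
    print(scan_checkout(sys.argv[1]) if len(sys.argv) > 1 else auto_run_tasks(SAMPLE))
```

Run it from a terminal against a fresh clone, passing the checkout directory as the argument, before the folder is opened in the editor.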
Read More: https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html