North Korean threat actors tied to the Contagious Interview campaign have published 108 malicious packages and browser extensions across npm, Packagist, Go, and Google Chrome as part of the ongoing PolinRider activity. The campaign uses compromised maintainer accounts, malicious VS Code tasks, and hidden JavaScript loaders to spread BeaverTail variants and payloads such as DEV#POPPER RAT and OmniStealer. #ContagiousInterview #PolinRider #BeaverTail #DEVPOPPERRAT #OmniStealer #TaskJacker
Keypoints
- PolinRider has spread 108 unique malicious packages and extensions across multiple ecosystems.
- The campaign targets software developers and cryptocurrency workers through fake job interviews.
- Attackers abuse compromised maintainer accounts and legitimate repositories to publish infected releases.
- Malicious VS Code tasks and obfuscated JavaScript loaders trigger code execution on developer systems.
- The payload chain can deliver DEV#POPPER RAT and OmniStealer after contacting blockchain infrastructure.
Read More: https://thehackernews.com/2026/07/north-korean-hackers-publish-108.html