North Korean threat actors have uploaded 67 malicious packages to npm, deploying the XORIndex malware loader to target developer systems. This campaign, part of the Contagious Interview operation, focuses on stealing sensitive data and cryptocurrency assets. #NorthKorean #ContagiousInterview
Key points
- North Korean hackers created 67 malicious npm packages with over 17,000 downloads.
- The malware campaign uses fake software project names to deceive developers.
- The XORIndex Loader executes malicious scripts and exfiltrates system data to C2 servers.
- Malware families like BeaverTail and InvisibleFerret are utilized for backdoor access.
- Researchers advise double-checking package names before installing and watching for typosquatted look-alikes to prevent infection.
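
One way to act on the advice to double-check packages, as an added example that is not from the original report: compare the dependency names in a `package.json` against an allowlist of the packages you intend to use and flag near-misses for review. The allowlist, the sample manifest and the function names are constructed for illustration.

```javascript
// Added example (not from the report): flag dependency names that closely
// resemble, but do not exactly match, packages you intend to use.
// TRUSTED and SAMPLE are constructed for illustration.
const TRUSTED = ["express", "lodash", "react", "axios", "vite", "eslint"];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Ignore case, npm scope and separators so "es-lint" and "@x/eslint" both map to "eslint".
function normalize(name) {
  return name.toLowerCase().replace(/^@[^/]+\//, "").replace(/[-_.]/g, "");
}

function findLookalikes(pkgJson, trusted = TRUSTED) {
  const deps = { ...pkgJson.dependencies, ...pkgJson.devDependencies };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (trusted.includes(name)) continue; // exact name: the intended package
    for (const good of trusted) {
      const limit = good.length < 5 ? 1 : 2; // short names need a tighter bound
      const distance = editDistance(normalize(name), normalize(good));
      if (distance <= limit) findings.push({ name, resembles: good, distance });
    }
  }
  return findings;
}

// Constructed manifest: two transposed names, one separator variant, two clean entries.
const SAMPLE = {
  dependencies: { express: "^4.19.0", lodahs: "1.0.0", chalk: "^5.3.0" },
  devDependencies: { "es-lint": "^9.0.0", axois: "1.0.0" },
};

for (const f of findLookalikes(SAMPLE)) {
  console.log(`REVIEW ${f.name}: resembles ${f.resembles} (distance ${f.distance})`);
}
```

Because the scope is stripped before comparison, legitimate scoped packages that share a trusted base name are also flagged; add them to the allowlist once reviewed.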