hacker-news · Crawled Jul 5, 2026

North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

2 IoCs 1 Malware

AI Summary

North Korean threat actors associated with the Contagious Interview campaign have launched the PolinRider operation, distributing 108 malicious packages and browser extensions across npm, Packagist, Go, and Google Chrome. The attack targets developers in the cryptocurrency sector through social engineering, compromising maintainer accounts to inject obfuscated JavaScript payloads into legitimate repositories. These payloads deliver second-stage malware such as DEV#POPPER RAT and OmniStealer by leveraging blockchain infrastructure and malicious VS Code task files, while using Git history manipulation to evade detection.

AI-extracted · verify before operational use

Extracted Entities 1 found

Indicators of Compromise 2 extracted

| Type | Value |
|---|---|
| Package | npm:rollup-polyfill |
| GitHub Repo | OpenSourceMalware |

MITRE ATT&CK TTPs 17 techniques