Close Menu
TechurzTechurz
    What's Hot

    Startup Battlefield Australia application closes in days: Apply before July 6

    June 30, 2026

    Acti puts AI agents directly into your smartphone keyboard

    June 30, 2026

    The DeepMind trio who built a poker AI are now making money for quant hedge funds

    June 30, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • Startup Battlefield Australia application closes in days: Apply before July 6
    • Acti puts AI agents directly into your smartphone keyboard
    • The DeepMind trio who built a poker AI are now making money for quant hedge funds
    • Nvidia competitor Etched hits $5B valuation, $1B in sales for AI chip
    • Clicks shows off its BlackBerry-inspired phone in a new hands-on video
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Guides - North Korean hackers release malware-ridden packages into npm registry
    Guides

    North Korean hackers release malware-ridden packages into npm registry

    TechurzBy TechurzJuly 15, 2025Updated:May 12, 2026No Comments2 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    A red padlock image against a digital map of the earth in blue.
    Share
    Facebook Twitter LinkedIn Pinterest Email


    • Security researchers spotted 67 malicious packages on npm
    • The packages are part of the Contagious Interview campaign
    • They are most likely deployed by North Korean attackers

    North Korean hackers have been seen pushing dozens of malicious packages to npm in an attempt to compromise western technology products through supply chain attacks.

    Cybersecurity researchers Socket claim the latest push of 67 malicious packages is just the second leg of a previous attack, in which 35 packages were published, as part of a campaign called Contagious Interview.

    β€œThe Contagious Interview operation continues to follow a whack-a-mole dynamic, where defenders detect and report malicious packages, and North Korean threat actors quickly respond by uploading new variants using the same, similar, or slightly evolved playbooks,” Socket researcher Kirill Boychenko said.


    You may like

    Thousands of victims

    Uploading malicious code to npm is just a setup. The real attack most likely happens elsewhere – on LinkedIn, Telegram, or Discord. North Korean attackers would pose as recruiters, or HR managers in large, reputable tech companies, and would reach out to software developers offering work.

    The interview process includes multiple rounds of talks and concludes with a test assignment. That test assignment requires the job seeker to download and run an npm package, which is where the person ends up with a compromised device. Obviously, that doesn’t mean that other people couldn’t accidentally download tainted packages, as well.

    Cumulatively, the packages attracted more than 17,000 downloads, which is quite the attack surface.

    North Koreans are infamous for their fake job and fake employee scams, whose goals usually vary between cyber-espionage and financial theft. If they’re not stealing intellectual property or proprietary data, then they’re stealing cryptocurrencies which the government uses to fund the state apparatus and its nuclear weapons program.

    Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

    The campaigns deploy all sorts of malware, from the BeaverTail infostealer, across XORIndex Loader, HexEval, and many others.

    β€œContagious Interview threat actors will continue to diversify their malware portfolio, rotating through new npm maintainer aliases, reusing loaders such as HexEval Loader and malware families like BeaverTail and InvisibleFerret, and actively deploying newly observed variants including XORIndex Loader,” the researchers concluded.

    Via The Hacker News

    You might also like

    Hackers Korean malwareridden North npm packages registry release
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleRoblox creators can now make their own Stranger Things and Twilight games
    Next Article Starbucks Reveals Secret Menu, Contest for Best Custom Drink
    Techurz
    • Website

    Related Posts

    Opinion

    The US banned Anthropic’s Fable 5 release, but the numbers don’t seem to care

    June 19, 2026
    Opinion

    Unastella, a South Korean rocket startup that launched from home, raises $24M

    June 1, 2026
    Cyber Reality

    PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs

    November 2, 2025
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622

    Future of Digital Privacy and Security: 7 Truths Nobody Tells You

    May 25, 202619
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.