
North Korean state-sponsored actors have targeted developers by distributing malicious npm packages, designed to steal cryptocurrencies and credentials. Discovered by Phylum, these packages mimic legitimate ones and contain scripts that steal sensitive information. Efforts to conceal the malicious code have been observed, with connections to North Korean actors identified through GitHub activity analysis. The threat constitutes a significant risk to software developers and organizations.
Main Points
- Targets in npm packages: North Korean state-sponsored actors are targeting developers via npm packages.
- Fake npm packages: Fake npm packages masquerade as their legitimate counterparts to distribute malware.
- Installed malicious scripts: The packages install malicious scripts, including cryptocurrency and credential stealers.
- Concealment of malicious code: Efforts were made to conceal the malicious code in package files.
- Connections to North Korean actors: Connections to North Korean actors were identified through GitHub activity analysis.
Insights
North Korean state-sponsored actors have been found to target developers with malicious npm packages.
A set of fake npm packages discovered on the Node.js repository has been found to share ties with North Korean state-sponsored actors, new findings from Phylum show.
The campaign is part of a broader agenda to steal cryptocurrency and credentials.
It “actually installs several malicious scripts including a cryptocurrency and credential stealer,” Phylum said.
Efforts to conceal malicious code were noted in a package.
The threat actors made efforts to conceal the obfuscated malicious code in a test file.
Connections to North Korean actors were identified through analysis of GitHub activities.
Phylum, which also analyzed the two GitHub accounts that binaryExDev follows, uncovered another repository known as mave-finance-org/auth-playground.
Links
- execution-time-async
- execution-time
- Phylum said
- downloaded 302 times
- data-time-utils
- login-time-utils
- mongodb-connection-utils
- mongodb-execution-utils
- decentralized perpetual spot exchange
- job opportunity
- Contagious Interview
- Operation Dream Job