North Korean Hackers Target Devs with Fake npm Packages to Steal Crypto

Hot Take:

Looks like North Korea is diversifying its portfolio from nuclear tests to code tests, wreaking havoc on developers’ lives and wallets with their latest npm shenanigans!

Key Points:

• North Korean threat actors are targeting developers with malicious npm packages.
• The attacks aim to steal cryptocurrency assets using a Python payload named InvisibleFerret.
• The campaign, dubbed ‘Contagious Interview,’ involves tricking developers through fake job interviews.
• Famous Chollima, a North Korean group, is infiltrating companies as employees to steal sensitive data.
• Obfuscated JavaScript and remote access tools are key components of these attacks.