North Korea Floods npm Registry with Malware


67 Malicious Packages, XORIndex Loader Target JavaScript Code-Sharing Platform

Prajeet Nair (@prajeetspeaks) • July 16, 2025

North Korean threat actors escalated their software supply chain attacks by uploading 67 new malicious packages to the npm Registry as part of the ongoing Contagious Interview campaign. The packages target open-source JavaScript developers with malware loaders.

The latest wave of attacks marks an expansion of the campaign, which began in April 2025 and intensified in June. Researchers at Socket identified 28 of the newly published npm packages using a previously undocumented malware loader named XORIndex, while 39 others used the older HexEval Loader. Together, these 67 packages were ...


Copyright of this story solely belongs to bankinfosecurity.