NK Hackers Push 200 Malicious npm Packages with OtterCookie Malware

North Korean hackers escalated the “Contagious Interview” attack, flooding the npm registry with over 200 malicious packages to install OtterCookie malware. This attack targets blockchain and Web3 developers through fake job interviews and coding tests.

A security alert has been issued by software security firm Socket, revealing that North Korean threat actors have dramatically escalated their ongoing Contagious Interview attack. They are now flooding the popular software platform npm registry, where JavaScript developers share and download code, with nearly 200 new malicious packages since October 10, 2025. The attack targets blockchain and Web3 developers through fake job interviews and “test assignments,” Socket’s investigation found.

Further probing revealed that these new malicious packages have already been downloaded over 31,000 times, and are designed to secretly install the dangerous OtterCookie malware.

Connecting to Past Attacks

This campaign follows earlier Contagious Interview attacks covered by Hackread.com, including a 2024 report ...