North Korea-Linked Threat Actors Use Mimicked npm Packages to Steal Developer Secrets
Malicious npm packages, masquerading as legitimate Rollup polyfill tools, are being leveraged by North Korea-linked threat actors to facilitate remote access, data theft, and credential harvesting. This sophisticated supply chain attack targets developer workstations and build machines to exfiltrate sensitive secrets, including SSH keys, cloud credentials, and source code.
Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft.
According to JFrog, the packages "rollup-packages-polyfill-core" and "rollup-runtime-polyfill-core" mimic the legitimate "rollup-plugin-polyfill-node" project, down to the description, repository metadata, and
*** END OF TRANSMISSION ***