San Francisco, CA – February 5, 2025-North Korean hackers are now targeting developers via fake GitHub issues and infected npm packages to spread malware, steal credentials, and compromise software supply chains.
In a shocking new twist, North Korean hackers have escalated their cyberwarfare tactics, now infiltrating developers’ systems through fake GitHub issues and malicious npm packages. Cybersecurity experts warn that this marks a dangerous shift from traditional social engineering attacks to full-scale software supply chain infiltration.
According to SentinelOne researchers, the notorious Contagious Interview campaign—previously known for tricking job seekers into downloading malware—has evolved. Hackers are now posting fraudulent issues on legitimate GitHub repositories, luring developers into executing malicious payloads disguised as fixes and updates.
Phil Stokes, a security researcher at SentinelOne said:
This is a sophisticated attack aimed at poisoning the very foundation of software development. By targeting developers, these hackers could spread malware to thousands of unsuspecting users.
The malware, codenamed FERRET, is designed to steal credentials, browser data, and cryptocurrency wallets, with some variants enabling remote system control. Hackers are also using npm packages, such as the malicious postcss-optimizer, to infect Windows, macOS, and Linux environments.
Taylor Monahan, a cybersecurity expert said:
This attack is a wake-up call. If developers don't vet their sources, they could unknowingly compromise massive ecosystems.
With North Korea ramping up cyberattacks, the stakes have never been higher. Experts urge developers to scrutinize GitHub issues and npm dependencies, as this new wave of supply chain attacks threatens the very core of global software security.
Other News At VPNRanks
Hey, wait!
Stay informed on the latest privacy updates, cybersecurity insights, and internet freedom news by following VPNRanks news daily! As your primary resource for critical updates in online security, we ensure you’re always in the know. Make VPNRanks your go-to guide for safeguarding your digital life.
