North Korean Hackers Target Developers with Malicious npm Packages

Threat actors with North Korean links are publishing malicious packages to rob cryptocurrency assets, targeting software developers on the npm registry. The software supply chain security firm Phylum reported that these packages, which include temp-etherscan-api, ethersscan-api, among others, are linked to North Korea’s ongoing Contagious Interview campaign. The latter aims to compromise developers with malware, collecting sensitive data from cryptocurrency wallet browser extensions. The latest attacks employ new methods, including the use of helmet-validate package and a JavaScript code called config.js.