🟠 High | Source: The Hacker News
North Korea-linked threat actors have published malicious npm packages that impersonate legitimate Rollup polyfill tooling, enabling remote access and credential theft from developer machines. The packages closely mimic the real ‘rollup-plugin-polyfill-node’ project, including metadata and repository details, making them difficult to spot. This is a software supply chain attack targeting developers who may unknowingly install the counterfeit packages.
Security Architect’s Take: Audit your CI/CD pipelines and developer workstations for the packages ‘rollup-packages-polyfill-core’ and ‘rollup-runtime-polyfill-core’, and remove them immediately. Enforce package allowlists or integrity checks (e.g. via npm audit, Artifactory Xray, or Socket.dev) to prevent unapproved packages from entering your build environments.
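An added example, not code from the advisory or from The Hacker News: a small Node.js check that walks an npm lockfile (v1 or v2/v3 format) for the two package names above, including copies pulled in transitively under another dependency. The sample lockfile, its versions and the `some-dep` name are constructed.

```javascript
// Added example: flag the two package names from the advisory in an npm lockfile.
const BLOCKED = new Set(["rollup-packages-polyfill-core", "rollup-runtime-polyfill-core"]);
// v2/v3 lockfile keys are install paths ("node_modules/a/node_modules/@s/b");
// the package name is everything after the last "node_modules/".
function nameFromPath(installPath) {
  const marker = "node_modules/";
  const idx = installPath.lastIndexOf(marker);
  return idx === -1 ? installPath : installPath.slice(idx + marker.length);
}

// Returns [{name, path, version}] for every blocked package, however deeply
// nested. lockfileVersion 2/3 carry "packages"; v1 only has nested "dependencies".
function findBlocked(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [p, meta] of Object.entries(lock.packages)) {
      if (p === "") continue; // "" is the root project entry
      const name = nameFromPath(p);
      if (BLOCKED.has(name)) hits.push({ name, path: p, version: meta.version });
    }
    return hits;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const p = `${prefix}node_modules/${name}`;
      if (BLOCKED.has(name)) hits.push({ name, path: p, version: meta.version });
      walk(meta.dependencies, p + "/"); // v1 inlines transitive deps
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// For a real checkout: scanLockfile("./package-lock.json")
function scanLockfile(file) {
  const fs = require("fs");
  return findBlocked(JSON.parse(fs.readFileSync(file, "utf8")));
}

// Constructed sample lockfile: the genuine rollup-plugin-polyfill-node must not
// be flagged; a counterfeit is pulled in transitively under "some-dep".
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/rollup-plugin-polyfill-node": { version: "0.0.0-sample" },
    "node_modules/some-dep": { version: "0.0.0-sample" },
    "node_modules/some-dep/node_modules/rollup-runtime-polyfill-core": { version: "0.0.0-sample" },
  },
};
```

Run `findBlocked(SAMPLE_LOCK)` to see the nested counterfeit reported with its install path; the same function applied to `node_modules/.package-lock.json` covers what is actually installed on a workstation.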
Original advisory: North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets