🟠 High | Source: The Hacker News
North Korean threat actors behind the Contagious Interview campaign have published 108 malicious packages and browser extensions across npm, Packagist, Go, and Chrome in an active campaign dubbed PolinRider. The attackers are compromising legitimate maintainer accounts to distribute malware through trusted package repositories. This is a supply chain attack targeting developers who install seemingly legitimate dependencies.
Security Architect’s Take: Audit your CI/CD pipelines and developer workstations for recently installed npm, Go, or Packagist packages, and enforce allowlisting of approved dependencies via a private registry or lock file integrity checks. Implement runtime behavioural monitoring on build agents and restrict outbound network access from CI environments to limit the blast radius of any compromise.
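One concrete form of the lock-file allowlisting and integrity checks recommended above, as an added example that is not part of the original advisory or of any project it mentions. The script parses an npm `package-lock.json` (lockfileVersion 3), flags any dependency that is not on an approved name-and-version allowlist, that resolves to a URL outside the private registry, or that lacks a sha512 integrity value, and separately shows how the lock file's Subresource Integrity string is recomputed from downloaded tarball bytes. The allowlist, the registry URL `https://npm.example.internal/`, the lock-file contents and the tarball bytes are all constructed for illustration; it goes slightly beyond the text by also handling nested and scoped package paths.

```python
"""Audit an npm package-lock.json (lockfileVersion 3) against a dependency allowlist.

Hypothetical example: the allowlist, registry URL, lock-file contents and
tarball bytes below are constructed for illustration, not taken from any real project.
"""
import base64
import hashlib
import json

# Constructed policy: package name -> set of approved versions.
ALLOWLIST = {
    "lodash": {"4.17.21"},
    "express": {"4.19.2"},
}
# Constructed private registry; every resolved URL must originate here.
APPROVED_REGISTRY = "https://npm.example.internal/"

# Constructed lock file: one clean package, one fetched from the public registry
# instead of the private one, and one nested package that nobody approved.
SAMPLE_LOCK = json.loads("""
{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"lodash": "4.17.21", "express": "4.19.2"}},
    "node_modules/lodash": {
      "version": "4.17.21",
      "resolved": "https://npm.example.internal/lodash/-/lodash-4.17.21.tgz",
      "integrity": "sha512-AAAA"
    },
    "node_modules/express": {
      "version": "4.19.2",
      "resolved": "https://registry.npmjs.org/express/-/express-4.19.2.tgz",
      "integrity": "sha512-BBBB"
    },
    "node_modules/express/node_modules/unexpected-helper": {
      "version": "0.0.1",
      "resolved": "https://npm.example.internal/unexpected-helper/-/unexpected-helper-0.0.1.tgz"
    }
  }
}
""")


def package_name(path: str) -> str:
    """Map a lock-file path such as node_modules/a/node_modules/@s/b to '@s/b'."""
    marker = "node_modules/"
    return path[path.rindex(marker) + len(marker):]


def audit_lock(lock: dict, allowlist: dict, registry: str) -> list:
    """Return one finding string per policy violation; an empty list means the lock file is clean."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if path == "":  # the root entry describes the application itself, not a dependency
            continue
        name = package_name(path)
        version = meta.get("version", "")
        if name not in allowlist:
            findings.append(f"{name}@{version}: not on allowlist")
        elif version not in allowlist[name]:
            findings.append(f"{name}@{version}: version not approved")
        resolved = meta.get("resolved", "")
        if not resolved.startswith(registry):
            findings.append(f"{name}@{version}: resolved outside approved registry ({resolved})")
        integrity = meta.get("integrity")
        if not integrity:
            findings.append(f"{name}@{version}: missing integrity hash")
        elif not integrity.startswith("sha512-"):
            findings.append(f"{name}@{version}: integrity does not use sha512")
    return findings


def compute_sri(data: bytes) -> str:
    """Subresource Integrity string in the form npm stores it: 'sha512-' plus the base64 digest."""
    return "sha512-" + base64.b64encode(hashlib.sha512(data).digest()).decode()


def verify_tarball(data: bytes, expected_integrity: str) -> bool:
    """True only if the downloaded tarball bytes match the lock file's integrity value."""
    return compute_sri(data) == expected_integrity


if __name__ == "__main__":
    for finding in audit_lock(SAMPLE_LOCK, ALLOWLIST, APPROVED_REGISTRY):
        print("FAIL", finding)
    sample = b"constructed tarball bytes"  # stand-in for a downloaded .tgz
    print("tarball ok:", verify_tarball(sample, compute_sri(sample)))
```

Run as a CI step that fails the build on any finding; because the check reads only the lock file, it works before `npm ci` fetches anything, and the `verify_tarball` step is what `npm ci` itself performs for each `integrity` field once the tarball is downloaded.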
Original advisory: North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign