<img height="1" width="1" style="display: none" alt="" src="https://px.ads.linkedin.com/collect/?pid=1098858&amp;fmt=gif">

North Korean Hackers Poison Open Source Packages in Ongoing Supply Chain Attack

North Korean hackers target open source software in PolinRider, using GitHub to spread malware. Developers, check for potential breaches!
Content Team

North Korean hackers have been quietly compromising open source software since December 2025 in a campaign called PolinRider. Linked to the broader Contagious Interview operation, the attackers hijack legitimate GitHub maintainer accounts, inject obfuscated JavaScript loaders into real repositories, and use Git history rewriting to make the changes look old. The malware drops two payloads: the DEV#POPPER RAT and OmniStealer. So far, 162 malicious artifacts across 108 packages have been found on NPM, Packagist, Go modules, and Chrome extensions. Any developer who installed an affected package should assume their environment is compromised and remediate from a clean machine.

Source: SecurityWeek

Share this article
Share on facebook Share on linkedin Share on twitter Share on email
blog_book_a_demo_cta_3x
Have questions about protecting your software?
Our escrow experts are standing by to help.
Book a free demo