The Point: North Korean hackers systematically distribute malicious code packages across multiple major package managers and browser ecosystems to compromise developer accounts.
North Korean actors have distributed 108 malicious software packages and browser extensions across npm, Packagist, Go and Google Chrome. The PolinRider campaign remains active, with further compromised packages expected.
Threat actors connected to the Contagious Interview campaign from North Korea have distributed 108 unique packages and web browser extensions across multiple repositories: npm, Packagist, Go and Google Chrome. The activity is referred to as the PolinRider campaign.
The campaign remains active according to analyses. New malicious packages are expected to continue appearing as the actors compromise maintainer accounts and thereby gain access to established, trusted code repositories.
For CISOs, this means elevated risk in supply chain security. The compromise of maintainer accounts enables attackers to inject malicious code into regular updates that are installed by developers worldwide. Continuous monitoring of dependencies, verification of package integrity, and implementation of code scanning tools are necessary to identify affected packages in a timely manner.
Source: thehackernews.com · Published 4 July 2026
Lumi AI News — AI-assisted curation in accordance with Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.3.