Self-propagating North Korean job-scam malware spreads via compromised developer projects in software supply chain

2 unique sources, 2 articles

Summary

A North Korean state-aligned actor has transformed fake job recruitment scams into a self-propagating supply-chain attack dubbed "Contagious Interview" that infects developer workstations and propagates via compromised repositories. Void Dokkaebi (aka Famous Chollima) abuses legitimate development workflows by luring developers with fake interviews, then delivering malware via malicious VS Code tasks or hidden payloads in fonts/images. Once committed to Git repositories, the infection spreads to downstream contributors, creating a worm-like chain reaction. Developers’ credentials, crypto wallets, CI/CD pipelines, and production infrastructure are primary targets. Newly identified activity connected to the same actor’s PromptMink campaign targets cryptocurrency developers via malicious npm packages, including @validate-sdk/v2, co-authored by an AI coding assistant. The layered package strategy uses legitimate-looking tools to hide malicious payloads, with payloads evolving from credential theft to broader data exfiltration, persistence mechanisms, and cross-platform binaries. Over 60 packages and 300+ versions have been identified across seven months, with evidence of LLM integration in malware development.

Timeline

  1. 22.04.2026 17:48 · 2 articles

    Void Dokkaebi’s Contagious Interview campaign escalates to self-propagating supply-chain compromise via VS Code and Git repositories

    North Korean actor Void Dokkaebi has operationalized the "Contagious Interview" tactic into a self-sustaining supply-chain attack vector. Malicious VS Code tasks or hidden .vscode folders in compromised repositories execute automatically when opened, then propagate the infection to subsequent clones via commit history. The attack chain begins with fake job interviews targeting developers, then escalates to CI/CD pipelines and production systems as victims integrate the infected code. Blockchain-based payload staging further complicates remediation. The campaign’s scope expands with newly identified npm-based activity linked to the same actor. PromptMink leverages malicious npm packages such as @validate-sdk/v2, co-authored by an AI coding assistant (Anthropic’s Claude Opus), to target cryptocurrency developers. The layered package strategy uses legitimate-looking tools to conceal malicious payloads, which evolved from credential theft to include data exfiltration, persistence mechanisms (SSH key installation), and cross-platform binaries (Rust-based executables). Evidence of LLM integration in malware development indicates the actor’s use of automated development workflows to refine attacks. Over 60 packages and 300+ versions have been identified across seven months, underscoring sustained refinement of delivery techniques.
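    The two automatic-execution points named in this item, and in the npm items further down this page, are a VS Code task configured to start when the folder is opened and npm lifecycle scripts that run during install. The following Python script is an added example for this page, not code from CyberHappenings or from the research it summarizes: it inspects a freshly cloned repository before it is opened in an editor or installed, flagging any `.vscode/tasks.json` task whose `runOptions.runOn` is `"folderOpen"` (a real VS Code setting, gated by Workspace Trust) and any `package.json` install-time hook. The sample repository it builds, including every path, label and command string, is constructed for the demo.

```python
"""Pre-open hygiene check for a cloned repository (added example, not the
site's or any vendor's code). Flags the two auto-run vectors described in the
reporting above:
  1. VS Code tasks with runOptions.runOn == "folderOpen"
  2. npm lifecycle scripts that execute during `npm install`
All sample files written by build_sample_repo() are constructed for the demo.
"""
import json
import re
import tempfile
from pathlib import Path
from typing import Dict, List

# npm lifecycle hooks that run automatically on `npm install`
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def strip_jsonc(text: str) -> str:
    """VS Code's tasks.json is JSON-with-comments; drop // and /* */ comments
    (outside strings) and trailing commas so json.loads accepts it.
    Demo-grade, not a full JSONC parser."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:        # keep escaped character verbatim
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            out.append(c)
        elif text.startswith("//", i):         # line comment: skip to newline
            i = text.find("\n", i)
            if i < 0:
                break
            continue
        elif text.startswith("/*", i):         # block comment: skip to */
            end = text.find("*/", i + 2)
            i = n if end < 0 else end + 2
            continue
        else:
            out.append(c)
        i += 1
    return re.sub(r",\s*([}\]])", r"\1", "".join(out))


def find_autorun_tasks(tasks_json: str) -> List[str]:
    """Labels of tasks VS Code may launch as soon as the folder is opened."""
    doc = json.loads(strip_jsonc(tasks_json))
    hits = []
    for task in doc.get("tasks", []):
        if task.get("runOptions", {}).get("runOn") == "folderOpen":
            hits.append(task.get("label") or task.get("taskName") or "<unnamed>")
    return hits


def find_install_scripts(package_json: str) -> Dict[str, str]:
    """Lifecycle scripts in package.json that run at install time."""
    scripts = json.loads(package_json).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}


def scan_repo(root: Path) -> Dict[str, object]:
    """Walk a checkout and collect both kinds of findings."""
    findings: Dict[str, object] = {"autorun_tasks": [], "install_scripts": {}}
    tasks = root / ".vscode" / "tasks.json"
    if tasks.is_file():
        findings["autorun_tasks"] = find_autorun_tasks(tasks.read_text())
    for pkg in sorted(root.rglob("package.json")):
        if "node_modules" in pkg.parts:        # third-party trees are out of scope here
            continue
        hooks = find_install_scripts(pkg.read_text())
        if hooks:
            findings["install_scripts"][str(pkg.relative_to(root))] = hooks
    return findings


# Constructed sample tasks.json: one normal task, one wired to folder open.
SAMPLE_TASKS = """{
  // comments and trailing commas are legal in VS Code's tasks.json
  "version": "2.0.0",
  "tasks": [
    {"label": "build", "type": "shell", "command": "npm run build"},
    {"label": "setup", "type": "shell", "command": "node .vscode/setup.js",
     "runOptions": {"runOn": "folderOpen"}},
  ],
}"""

# Constructed sample package.json with an install-time hook.
SAMPLE_PACKAGE = json.dumps({
    "name": "demo-app", "version": "1.0.0",
    "scripts": {"test": "jest", "postinstall": "node install.js"},
})


def build_sample_repo() -> Path:
    """Write the constructed sample files into a temp directory."""
    root = Path(tempfile.mkdtemp(prefix="repo-check-"))
    (root / ".vscode").mkdir()
    (root / ".vscode" / "tasks.json").write_text(SAMPLE_TASKS)
    (root / "package.json").write_text(SAMPLE_PACKAGE)
    return root


if __name__ == "__main__":
    print(json.dumps(scan_repo(build_sample_repo()), indent=2))
```

    Run it against a real checkout by calling `scan_repo(Path("path/to/clone"))` before opening the folder; a `folderOpen` task or an unexpected install hook is a reason to read the referenced script before trusting the workspace or running `npm install` without `--ignore-scripts`.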

Similar Happenings

Targeted social engineering of Axios maintainer enables UNC1069 npm supply chain compromise via WAVESHAPER.V2 implant

A maintainer of the widely used Axios npm package was targeted in a highly tailored social engineering campaign attributed to North Korean threat actor UNC1069, resulting in the compromise of npm account credentials and the publication of two trojanized versions of Axios (1.14.1 and 0.30.4). Google Threat Intelligence Group (GTIG) attributed the attack to UNC1069 based on the use of WAVESHAPER.V2 and infrastructure overlaps with past activities. The malicious packages were available for roughly three hours and injected a plain-crypto-js dependency that installed a cross-platform RAT, enabling credential theft and downstream compromise. The campaign also targeted additional maintainers, including Pelle Wessman (Mocha framework) and Node.js core contributors, revealing a coordinated effort against high-impact maintainers. The intrusion began with reconnaissance-driven impersonation of a legitimate company founder, engagement via a cloned Slack workspace and Microsoft Teams call, and execution of a fake system update that deployed the RAT. Post-incident, the maintainer reset devices, rotated all credentials, adopted immutable releases, introduced OIDC-based publishing flows, and updated GitHub Actions workflows to mitigate future risks.

Supply chain compromise of axios npm package delivers cross-platform RATs via malicious dependency

A North Korea-nexus threat actor (UNC1069) compromised the npm account of axios maintainer Jason Saayman via a two-week social engineering campaign and published malicious axios versions v1.14.1 and v0.30.4 containing the plain-crypto-js dependency to deliver cross-platform RATs with full unilateral control capabilities, bypassing 2FA. The attack’s blast radius has expanded beyond developer ecosystems after OpenAI revealed that a GitHub Actions workflow used for macOS app signing downloaded the malicious axios library, prompting OpenAI to revoke its macOS app certificate as a precaution despite no evidence of compromise. This incident underscores the escalating risks of supply chain compromises, with Google warning that hundreds of thousands of stolen secrets from the axios and Trivy attacks could fuel further software supply chain attacks, SaaS compromises, ransomware, and cryptocurrency theft. The campaign reflects an industrialized social engineering model targeting high-value individuals and open source maintainers, leveraging AI-enhanced trust-building and matured attacker tooling. Additional supply chain attacks in March 2026, such as the compromise of Trivy by TeamPCP (UNC6780), have compounded the threat landscape, exposing organizations like the European Commission and Mercor to downstream risks.

454,000+ Malicious Open Source Packages Discovered in 2026

Researchers reported a surge in malicious open source packages, with 454,648 new malicious packages discovered in 2026. These packages are increasingly used in sustained, industrialized campaigns, often state-sponsored, targeting developer machines and CI/CD pipelines. The threat landscape includes repository abuse, potentially unwanted apps, and multi-stage attacks involving host information exfiltration, droppers, and backdoors. Additionally, AI-assisted development is exacerbating the risk by recommending non-existent versions and failing to check for malicious indicators.

PhantomRaven npm credential harvesting campaign leverages invisible dependencies

An ongoing npm credential harvesting campaign dubbed PhantomRaven has been active since August 2025. The malware steals npm tokens, GitHub credentials, and CI/CD secrets from developers worldwide. New attack waves occurred between November 2025 and February 2026, distributing 88 packages via 50 disposable accounts. At least 126 npm packages have been infected, resulting in over 86,000 downloads. The attack uses Remote Dynamic Dependencies (RDD) to hide malicious code in externally hosted packages, evading npm security scans. The campaign exploits AI hallucinations to create plausible-sounding package names, a technique known as slopsquatting. As of October 30, 2025, the attacker-controlled URL can serve any kind of malware, initially serving harmless code before pushing a malicious version. The malware scans the developer environment for email addresses and gathers information about the CI/CD environment. The npm ecosystem allows easy publishing and low friction for packages, with lifecycle scripts executing arbitrary code at install time. As of October 29, 2025, at least 80 of the infected packages remain active. Researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package to target GitHub-owned repositories. The package incorporated a post-install hook to download and run malware in versions 4.0.12 to 4.0.17, and has been downloaded 47,405 times. The malware specifically targets repositories owned by the GitHub organization, indicating a targeted attack against GitHub.

Malicious nx Packages Exfiltrate Credentials in 's1ngularity' Supply Chain Attack

The **UNC6426** threat actor has weaponized credentials stolen during the August 2025 **nx npm supply-chain attack** to execute a rapid cloud breach, escalating from a compromised GitHub token to **full AWS administrator access in under 72 hours**. By abusing GitHub-to-AWS OpenID Connect (OIDC) trust, the attacker deployed a new IAM role with `AdministratorAccess`, exfiltrated S3 bucket data, terminated production EC2/RDS instances, and **publicly exposed the victim’s private repositories** under the `/s1ngularity-repository-[randomcharacters]` naming scheme. This follows the broader *Shai-Hulud* and *SANDWORM_MODE* campaigns, which collectively compromised **over 400,000 secrets** via trojanized npm packages, GitHub Actions abuse, and AI-assisted credential harvesting (e.g., QUIETVAULT malware leveraging LLM tools). The attack chain began with the **Pwn Request** exploitation of a vulnerable `pull_request_target` workflow in nx, leading to trojanized package publication and theft of GitHub Personal Access Tokens (PATs). UNC6426 later used tools like **Nord Stream** to extract CI/CD secrets, highlighting the risks of **overprivileged OIDC roles** and **standing cloud permissions**. Researchers warn of escalating supply chain risks, including **self-propagating worms** (Shai-Hulud), **PackageGate vulnerabilities** bypassing npm defenses, and **AI-assisted prompt injection** targeting developer workflows. Mitigations include disabling postinstall scripts, enforcing least-privilege access, and rotating all credentials tied to npm, GitHub, and cloud providers.