North Korean Malware Madness: XORIndex Loader Steals Crypto with a Side of Job Scams!
In a plot twist reminiscent of a spy thriller, North Korean threat actors have unleashed XORIndex, a new malware loader, in their Contagious Interview campaign. Their target? Developers, job seekers, and anyone with a hint of cryptocurrency. Over 9,000 downloads later, XORIndex is the malware star of this digital drama.
Hot Take:
Imagine if job hunting wasn’t already stressful enough! Now, aside from worrying about resumes and cover letters, job seekers also have to dodge malware slinging North Korean hackers. It’s like job hunting on hard mode, where the new skill required is cybersecurity acumen. If only these cybercriminals put their talent into honest tech startups, they’d probably be on the Forbes list by now!
Key Points:
– North Korean threat actors have upgraded their campaign with a new malware loader named XORIndex.
– Over 9000 downloads of XORIndex occurred between June and July 2025, targeting developers, job seekers, and crypto holders.
– Attackers released 67 malicious packages on npm, with a collective download count exceeding 17,000.
– XORIndex and HexEval malware loaders collect sensitive data and assist in cryptocurrency theft.
– Socket researchers are actively working to remove these threats from the npm registry.