North Korean NPM Nuisance: Fake Job Interviews & Sneaky Packages Unleashed!
Cybersecurity researchers have discovered a new wave of malicious npm packages linked to the Contagious Interview operation from North Korea. These 35 packages, downloaded over 4,000 times, contain a sneaky hex-encoded loader called HexEval, which stealthily installs the BeaverTail stealer to execute an InvisibleFerret backdoor.

Hot Take:
When North Korean cyber operatives are better at coding than you are at debugging, it’s time to worry! Who knew job hunting could lead to something more sinister than a bad interview? Apparently, the malware train is making a stop at Npm-ville, and everyone’s getting onboard—no recruiter required!
Key Points:
- 35 malicious npm packages were uploaded across 24 npm accounts as part of the Contagious Interview operation.
- Six of these packages are still available for download from npm.
- The operation uses a hex-encoded loader to deploy a JavaScript stealer called BeaverTail and a Python backdoor named InvisibleFerret.
- Targets are tricked using fake job interviews to install malware under the guise of coding assignments.
- The operation is linked to North Korean state-sponsored threat actors, focusing on cryptocurrency and data theft.
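
A defender-side check for the hex-encoded loader technique named above, as an added example that is not code from the researchers or from the packages themselves: it scans JavaScript source for string literals that decode from hex to printable text and flags those containing sensitive tokens. The token list, the length threshold and the sample input are assumptions constructed for illustration.

```javascript
// Added example: heuristic scan for hex-encoded strings in package source.
// Token list and thresholds are assumptions, not indicators from the report.
const SUSPICIOUS_TOKENS = ["child_process", "require", "eval", "exec", "http://", "https://"];

// String literals made only of hex digit pairs, at least 8 characters long.
const HEX_LITERAL = /(["'`])((?:[0-9a-fA-F]{2}){4,})\1/g;

function decodePrintable(hex) {
  const text = Buffer.from(hex, "hex").toString("latin1");
  // Keep only decodes that are entirely printable ASCII; hashes and keys fail this.
  return /^[\x20-\x7e]+$/.test(text) ? text : null;
}

function findHexEncodedStrings(source) {
  const findings = [];
  for (const match of source.matchAll(HEX_LITERAL)) {
    const decoded = decodePrintable(match[2]);
    if (decoded === null) continue;
    const tokens = SUSPICIOUS_TOKENS.filter((t) => decoded.includes(t));
    // 1-based line number of the literal, for reporting.
    const line = source.slice(0, match.index).split("\n").length;
    findings.push({ line, decoded, tokens, suspicious: tokens.length > 0 });
  }
  return findings;
}

// Constructed sample input (not taken from any real package).
const SAMPLE = [
  'const d = (s) => Buffer.from(s, "hex").toString();',
  'const m = d("6368696c645f70726f63657373");',
  'const u = d("68747470733a2f2f6578616d706c652e696e76616c69642f61");',
  'const sha = "da39a3ee5e6b4b0d3255bfef95601890afd80709";',
  'const color = "cafebabe";',
].join("\n");

// Returns only the findings whose decoded text contains a sensitive token.
function scanSample() {
  return findHexEncodedStrings(SAMPLE).filter((f) => f.suspicious);
}

console.log(scanSample());
```

A hit is a reason to review the package by hand, not proof of compromise; legitimate code occasionally stores text as hex.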