North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT
Summary
North Korean hackers have released 26 malicious npm packages disguised as developer tools as part of the Contagious Interview campaign. These packages hide a cross-platform Remote Access Trojan (RAT) by using Pastebin content as a command-and-control (C2) resolver.
IFF Assessment
FOE
This campaign represents a sophisticated supply chain attack where malicious code is injected into widely used developer tools, posing a significant risk to software development and deployment pipelines.
Defender Context
Defenders should be vigilant about software supply chain security, particularly when consuming third-party libraries from public registries like npm. Monitoring for suspicious package updates and conducting thorough code reviews for dependencies can help mitigate risks.
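One way to start the dependency review described above, as an added example that is not part of the original report: a Node.js script that walks node_modules and flags install-time lifecycle scripts and references to pastebin.com for manual review. The package names, the PLACEHOLDER paste URL and the sample tree are constructed, and treating lifecycle scripts and paste-site hostnames as review triggers is an assumption of this example, not a detail given in the report.

```javascript
const fs = require('node:fs'), os = require('node:os'), path = require('node:path');
const LIFECYCLE = ['preinstall', 'install', 'postinstall']; // npm runs these at install time
const PASTE_RE = /\bpastebin\.com\b/i; // assumption: paste-site host worth a manual look
// Yield each package directory under node_modules, including @scope/name and nested ones.
function* packageDirs(nodeModules) {
  if (!fs.existsSync(nodeModules)) return;
  for (const e of fs.readdirSync(nodeModules, { withFileTypes: true })) {
    if (!e.isDirectory() || e.name.startsWith('.')) continue;
    const dir = path.join(nodeModules, e.name);
    if (e.name.startsWith('@')) { yield* packageDirs(dir); continue; }
    if (fs.existsSync(path.join(dir, 'package.json'))) yield dir;
    yield* packageDirs(path.join(dir, 'node_modules'));
  }
}

// Yield the package's own .js/.cjs/.mjs files; nested node_modules are visited by packageDirs.
function* sourceFiles(dir) {
  for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, e.name);
    if (e.isDirectory()) { if (e.name !== 'node_modules') yield* sourceFiles(full); }
    else if (/\.[cm]?js$/.test(e.name)) yield full;
  }
}

// Collect review leads: install-time scripts and paste-site references in package code.
function auditDependencies(nodeModules) {
  const findings = [];
  for (const dir of packageDirs(nodeModules)) {
    const manifest = JSON.parse(fs.readFileSync(path.join(dir, 'package.json'), 'utf8'));
    const pkg = manifest.name || path.basename(dir);
    for (const hook of LIFECYCLE.filter((h) => manifest.scripts?.[h]))
      findings.push({ pkg, reason: `${hook} script: ${manifest.scripts[hook]}` });
    for (const file of sourceFiles(dir))
      if (PASTE_RE.test(fs.readFileSync(file, 'utf8')))
        findings.push({ pkg, reason: `paste-site reference in ${path.relative(dir, file)}` });
  }
  return findings;
}

// Constructed sample tree with hypothetical package names, so the audit runs offline.
function buildSampleTree() {
  const nm = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'dep-audit-')), 'node_modules');
  const clean = path.join(nm, 'example-clean'), helper = path.join(nm, '@example', 'dev-helper');
  for (const d of [clean, helper]) fs.mkdirSync(d, { recursive: true });
  fs.writeFileSync(path.join(clean, 'package.json'), '{"name":"example-clean","scripts":{"test":"node t.js"}}');
  fs.writeFileSync(path.join(helper, 'package.json'), '{"name":"@example/dev-helper","scripts":{"postinstall":"node setup.js"}}');
  fs.writeFileSync(path.join(helper, 'setup.js'), "const src = 'https://pastebin.com/raw/PLACEHOLDER';\n");
  return nm;
}
console.table(auditDependencies(buildSampleTree()));
```

Point auditDependencies at a project's real node_modules directory; each finding is a lead for code review, not a verdict. Symlinked package layouts are not followed.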