PANews reported on October 16 that according to Decrypt, the US cybersecurity company Socket stated in a report that a North Korean hacker group uploaded over 300 malicious code packages to the mainstream software library npm, disguising them as misspelled versions of popular libraries (such as express and hardhat) to implant malware capable of stealing passwords and encrypted wallet keys. The operation was named "Infectious Interview," and hackers impersonated technical recruiters to target blockchain and Web3 developers. After approximately 50,000 downloads, some malicious packages remained online. Researchers traced the code back to the North Korean hacker group through code patterns, and their loader scripts used memory decryption technology to avoid leaving traces. Although GitHub has strengthened verification and removed some malicious packages, supply chain security threats continue to spread. Security experts recommend that development teams treat each dependency installation as a potential code execution and require scanning and verification before merging it into the project.PANews reported on October 16 that according to Decrypt, the US cybersecurity company Socket stated in a report that a North Korean hacker group uploaded over 300 malicious code packages to the mainstream software library npm, disguising them as misspelled versions of popular libraries (such as express and hardhat) to implant malware capable of stealing passwords and encrypted wallet keys. The operation was named "Infectious Interview," and hackers impersonated technical recruiters to target blockchain and Web3 developers. After approximately 50,000 downloads, some malicious packages remained online. Researchers traced the code back to the North Korean hacker group through code patterns, and their loader scripts used memory decryption technology to avoid leaving traces. Although GitHub has strengthened verification and removed some malicious packages, supply chain security threats continue to spread. Security experts recommend that development teams treat each dependency installation as a potential code execution and require scanning and verification before merging it into the project.
North Korean hackers uploaded over 300 malicious code packages targeting blockchain companies to the mainstream software library npm
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com
PANews reported on October 16 that according to Decrypt, the US cybersecurity company Socket stated in a report that a North Korean hacker group uploaded over 300 malicious code packages to the mainstream software library npm, disguising them as misspelled versions of popular libraries (such as express and hardhat) to implant malware capable of stealing passwords and encrypted wallet keys. The operation was named "Infectious Interview," and hackers impersonated technical recruiters to target blockchain and Web3 developers. After approximately 50,000 downloads, some malicious packages remained online. Researchers traced the code back to the North Korean hacker group through code patterns, and their loader scripts used memory decryption technology to avoid leaving traces. Although GitHub has strengthened verification and removed some malicious packages, supply chain security threats continue to spread. Security experts recommend that development teams treat each dependency installation as a potential code execution and require scanning and verification before merging it into the project.
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
You May Also Like
WORLD3 and PlaysOut Unite to Advance Web3 Mini-Game Ecosystem
WORLD3, a project known for combining Web3 technology with autonomous agents and artificial intelligence, has entered into a strategic collaboration with PlaysOut
Share
CoinTrust2026/03/10 15:08
TrendX Taps Trusta AI to Develop Safer and Smarter Web3 Network
The purpose of collaboration is to advance the Web3 landscape by combining the decentralized infrastructure of TrendX with AI-led capabilities of Trusta AI.
Share
Blockchainreporter2025/09/18 01:07
UK crypto holders brace for FCA’s expanded regulatory reach
The post UK crypto holders brace for FCA’s expanded regulatory reach appeared on BitcoinEthereumNews.com. British crypto holders may soon face a very different landscape as the Financial Conduct Authority (FCA) moves to expand its regulatory reach in the industry. A new consultation paper outlines how the watchdog intends to apply its rulebook to crypto firms, shaping everything from asset safeguarding to trading platform operation. According to the financial regulator, these proposals would translate into clearer protections for retail investors and stricter oversight of crypto firms. UK FCA plans Until now, UK crypto users mostly encountered the FCA through rules on promotions and anti-money laundering checks. The consultation paper goes much further. It proposes direct oversight of stablecoin issuers, custodians, and crypto-asset trading platforms (CATPs). For investors, that means the wallets, exchanges, and coins they rely on could soon be subject to the same governance and resilience standards as traditional financial institutions. The regulator has also clarified that firms need official authorization before serving customers. This condition should, in theory, reduce the risk of sudden platform failures or unclear accountability. David Geale, the FCA’s executive director of payments and digital finance, said the proposals are designed to strike a balance between innovation and protection. He explained: “We want to develop a sustainable and competitive crypto sector – balancing innovation, market integrity and trust.” Geale noted that while the rules will not eliminate investment risks, they will create consistent standards, helping consumers understand what to expect from registered firms. Why does this matter for crypto holders? The UK regulatory framework shift would provide safer custody of assets, better disclosure of risks, and clearer recourse if something goes wrong. However, the regulator was also frank in its submission, arguing that no rulebook can eliminate the volatility or inherent risks of holding digital assets. Instead, the focus is on ensuring that when consumers choose to invest, they do…
Share
BitcoinEthereumNews2025/09/17 23:52