Buy Crypto Markets Spot FuturesGOLD Earn Event Center

PANews reported on October 16 that according to Decrypt, the US cybersecurity company Socket stated in a report that a North Korean hacker group uploaded over 300 malicious code packages to the mainstream software library npm, disguising them as misspelled versions of popular libraries (such as express and hardhat) to implant malware capable of stealing passwords and encrypted wallet keys. The operation was named "Infectious Interview," and hackers impersonated technical recruiters to target blockchain and Web3 developers. After approximately 50,000 downloads, some malicious packages remained online. Researchers traced the code back to the North Korean hacker group through code patterns, and their loader scripts used memory decryption technology to avoid leaving traces. Although GitHub has strengthened verification and removed some malicious packages, supply chain security threats continue to spread. Security experts recommend that development teams treat each dependency installation as a potential code execution and require scanning and verification before merging it into the project.PANews reported on October 16 that according to Decrypt, the US cybersecurity company Socket stated in a report that a North Korean hacker group uploaded over 300 malicious code packages to the mainstream software library npm, disguising them as misspelled versions of popular libraries (such as express and hardhat) to implant malware capable of stealing passwords and encrypted wallet keys. The operation was named "Infectious Interview," and hackers impersonated technical recruiters to target blockchain and Web3 developers. After approximately 50,000 downloads, some malicious packages remained online. Researchers traced the code back to the North Korean hacker group through code patterns, and their loader scripts used memory decryption technology to avoid leaving traces. Although GitHub has strengthened verification and removed some malicious packages, supply chain security threats continue to spread. Security experts recommend that development teams treat each dependency installation as a potential code execution and require scanning and verification before merging it into the project.

North Korean hackers uploaded over 300 malicious code packages targeting blockchain companies to the mainstream software library npm

Author: PANews

Source: PANews

2025/10/16 09:26

1 min read

WALLET$0.00983-3.53%

TREAT$0.0001909-2.60%

For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

Market Opportunity

Ambire Wallet Price(WALLET)

$0.00983

$0.00983$0.00983

+0.61%

USD

Ambire Wallet (WALLET) Live Price Chart

Don't Miss $200,000 U-Fest

Get mystery boxes, 12% APR & $200 new user gifts!

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.