North Korean hackers flood repositories with 108 malicious packages

A fresh wave of supply-chain attacks is washing over open-source ecosystems, as North Korean hackers unleash 108 malicious packages and browser extensions across npm, Packagist, Go and the Chrome Web Store. The ongoing PolinRider campaign remains active, with the threat actors steadily compromising maintainer accounts to plant their malicious code.
A widening net across ecosystems
The attackers have diversified their delivery channels, embedding harmful payloads not only in JavaScript packages on npm and PHP libraries on Packagist, but also in Go modules and Chrome extensions. Each compromised package or extension can silently exfiltrate sensitive data or deliver additional malware once installed by unsuspecting developers and users.
How the campaign stays under the radar
Source: The Hacker News. AI-assisted editorial synthesis — TechnoExpress.

