Close Menu

    Subscribe to Updates

    Get the latest Tech news from SynapseFlow

    What's Hot

    Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks

    July 6, 2026

    SpaceX Share Price Catalysts | NextBigFuture.com

    July 6, 2026

    The MSI Raider 16 Max HX delivers on gaming performance and packs an excellent display, but the build quality leaves a lot to be desired

    July 6, 2026
    Facebook X (Twitter) Instagram
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    Facebook X (Twitter) Instagram YouTube
    synapseflow.co.uksynapseflow.co.uk
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    synapseflow.co.uksynapseflow.co.uk
    Home»Cybersecurity»North Korean Hackers Target Open Source Developers in Supply Chain Attacks 
    North Korean Hackers Target Open Source Developers in Supply Chain Attacks 
    Cybersecurity

    North Korean Hackers Target Open Source Developers in Supply Chain Attacks 

    The Tech GuyBy The Tech GuyJuly 6, 2026No Comments2 Mins Read0 Views
    Share
    Facebook Twitter LinkedIn Pinterest Email
    Advertisement


    North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a broad supply chain campaign, Socket reports.

    Advertisement

    Referred to as PolinRider, the campaign has been ongoing since December 2025, using compromised GitHub repositories injected with JavaScript loaders leading to the DEV#POPPER remote access trojan (RAT) and the OmniStealer information stealer.

    Associated with the broader Contagious Interview operation, which includes tactics also seen in the DeceptiveDevelopment, Operation Dream Job, and ClickFake Interview campaigns, PolinRider is targeting developers across NPM, Packagist, Go modules, and Chrome extensions.

    To date, Socket has identified 162 malicious release artifacts across 108 unique packages, with more expected to emerge as the campaign continues.

    As part of the attacks, the threat actor compromises maintainer accounts to tamper with legitimate repositories and push infected packages. Additionally, the attackers rely on Git history rewriting to make the malicious changes appear older.

    The compromised repositories contain obfuscated JavaScript loaders that connect to the blockchain and public remote procedure call (RPC) infrastructure to retrieve encrypted payloads.

    Advertisement. Scroll to continue reading.

    Among the incidents associated with PolinRider, Socket identified the compromise of Xpos587, a GitHub account that maintains several repositories that were modified on June 23 during a small timeframe.

    Recently, the campaign expanded to Packagist, where multiple packages under the sevenspan namespace were compromised. The attackers hid the malicious loaders in configuration files that were not identified during the cleanup operation.

    “Teams that installed any affected package or extension version should treat the installation environment as potentially compromised until reviewed. Because PolinRider targets developer environments and may expose package registry, source code, cloud, and CI/CD credentials, remediation should be performed from a clean machine, not from the potentially infected host,” Socket notes.

    Related: North Korean Hackers Blamed for Mastra NPM Supply Chain Attack

    Related: North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

    Related: $290 Million Kelp DAO Crypto Heist Blamed on North Korea

    Related: North Korean Hackers Target High-Profile Node.js Maintainers

    Advertisement
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    The Tech Guy
    • Website

    Related Posts

    Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks

    July 6, 2026

    Critical Cursor AI Code Editor Flaws Could Lead to OS-Level Remote Code Execution

    July 4, 2026

    Google, FBI Disrupt NetNut Residential Proxy Network Powered by Millions of Devices

    July 4, 2026

    Alleged Scattered Spider Hacker Extradited to US

    July 4, 2026

    Medtronic Data Breach Impacts 3.8 Million People

    July 4, 2026

    In Other News: Canadian Hacker Jailed, Open Source Zero-Days, Two Sentenced for ATM Jackpotting

    July 3, 2026
    Leave A Reply Cancel Reply

    Advertisement
    Top Posts

    You don’t need a NAS to self-host — I proved it with hardware from my closet

    June 7, 2026169 Views

    Spotify is giving one of its best playlists a big visual upgrade to give subscribers ‘a closer connection’ to its New Music Friday curators — and I think it could be the update it’s always needed

    June 12, 202690 Views

    The iPad Air brand makes no sense – it needs a rethink

    October 12, 202516 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Advertisement
    About Us
    About Us

    SynapseFlow brings you the latest updates in Technology, AI, and Gadgets from innovations and reviews to future trends. Stay smart, stay updated with the tech world every day!

    Our Picks

    Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks

    July 6, 2026

    SpaceX Share Price Catalysts | NextBigFuture.com

    July 6, 2026

    The MSI Raider 16 Max HX delivers on gaming performance and packs an excellent display, but the build quality leaves a lot to be desired

    July 6, 2026
    categories
    • AI News & Updates
    • Cybersecurity
    • Future Tech
    • Reviews
    • Software & Apps
    • Tech Gadgets
    Facebook X (Twitter) Instagram Pinterest YouTube Dribbble
    • Homepage
    • About Us
    • Contact Us
    • Privacy Policy
    © 2026 SynapseFlow All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.

    Ad Blocker Enabled!
    Ad Blocker Enabled!
    Our website is made possible by displaying online advertisements to our visitors. Please support us by disabling your Ad Blocker.