PANews reported on October 16 that, according to Decrypt, the US cybersecurity company Socket stated in a report that a North Korean hacker group uploaded over 300 malicious packages to the mainstream npm package registry. The packages were disguised as misspelled versions of popular libraries (such as express and hardhat) and implanted malware capable of stealing passwords and encrypted wallet keys. The operation was named "Infectious Interview," and the hackers impersonated technical recruiters to target blockchain and Web3 developers. The packages were downloaded approximately 50,000 times, and some of them remained online. Researchers traced the code back to the North Korean hacker group through code patterns; the loader scripts decrypted their payload in memory to avoid leaving traces. Although GitHub has strengthened verification and removed some of the malicious packages, supply chain security threats continue to spread. Security experts recommend that development teams treat every dependency installation as potential code execution and require scanning and verification before a dependency is merged into the project.
North Korean hackers uploaded over 300 malicious packages targeting blockchain companies to the mainstream npm package registry
Author: PA一线
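One way to act on the closing recommendation, as an added example that is not code from Socket's report or from npm: a pre-merge check that flags dependency names that nearly match a vetted list and reports which install-time hooks a package declares. The vetted list, the sample manifests and the misspelled names below are constructed for illustration.

```javascript
// Constructed allowlist; a real team would maintain its own vetted names.
const POPULAR = ["express", "hardhat", "react", "lodash", "ethers"];
// npm lifecycle scripts that run automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Levenshtein distance using a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Fold case and separators so "hard-hat" compares equal to "hardhat".
const normalize = (name) => name.toLowerCase().replace(/[-_.]/g, "");

// Return dependencies that are not on the list but sit within one edit of it.
function findLookalikes(manifest, popular = POPULAR) {
  const deps = { ...manifest.dependencies, ...manifest.devDependencies };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (popular.includes(name)) continue; // exact name is the vetted package
    for (const known of popular) {
      const distance = editDistance(normalize(name), normalize(known));
      if (distance <= 1) { findings.push({ name, resembles: known, distance }); break; }
    }
  }
  return findings;
}

// Given an installed package's own package.json, list hooks that execute on install.
function installHooks(pkg) {
  const scripts = pkg.scripts || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === "string");
}

// Constructed sample input: a project manifest and one dependency's manifest.
const sampleProject = { dependencies: { express: "^4.18.2", expres: "1.0.0", lodash: "^4.17.21" },
                        devDependencies: { "hard-hat": "0.0.1" } };
const sampleDep = { name: "expres", scripts: { postinstall: "node loader.js", test: "mocha" } };
console.log(findLookalikes(sampleProject), installHooks(sampleDep));
```

A distance threshold of one also flags legitimate near-neighbours of listed names, so findings are a prompt for review, not a verdict.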
