North Korean hackers uploaded over 300 malicious code packages targeting blockchain companies to the mainstream software library npm

PA一线
PA一线

PANews reported on October 16 that according to Decrypt, the US cybersecurity company Socket stated in a report that a North Korean hacker group uploaded over 300 malicious code packages to the mainstream software library npm, disguising them as misspelled versions of popular libraries (such as express and hardhat) to implant malware capable of stealing passwords and encrypted wallet keys. The operation was named "Infectious Interview," and hackers impersonated technical recruiters to target blockchain and Web3 developers. After approximately 50,000 downloads, some malicious packages remained online. Researchers traced the code back to the North Korean hacker group through code patterns, and their loader scripts used memory decryption technology to avoid leaving traces. Although GitHub has strengthened verification and removed some malicious packages, supply chain security threats continue to spread. Security experts recommend that development teams treat each dependency installation as a potential code execution and require scanning and verification before merging it into the project.

Share to:

Author: PA一线

This content is for informational purposes only and does not constitute investment advice.

BlockchainhackerReportSafety
Follow PANews official accounts, navigate bull and bear markets together
Telegram Discussion Group
Telegram News Channel
@PANewsCN
Recommended Reading
PA一线PA一线11 hour ago
Ren Deqi, Chairman of Bank of Communications: Utilizing technologies such as blockchain to achieve instant cross-border remittances.
PA一线PA一线15 hour ago
The trial for allegedly stealing $25 million using MEV robots was declared a writ of insolvency due to a split jury verdict.
PA一线PA一线2025-11-07 13:50
ZachXBT: Beware of fake Hyperliquid apps on the Google Play Store.
PA一线PA一线2025-11-07 13:46
The Garden attackers have transferred 501 BNB and 1910 ETH to Tornado Cash.
PA一线PA一线2025-11-07 13:37
The US non-farm payroll report is absent for the second consecutive time.
PA一线PA一线2025-11-07 10:22
CertiK: The Dimo administrator wallet was used to upgrade the proxy contract and was subsequently sold after withdrawing 30 million DIMO tokens.

Popular Articles

Industry News
Market Trends
Curated Readings
Subscribe

Curated Series

x402 Protocol: A New Standard for Agent Payments

x402 Protocol: A New Standard for Agent Payments

The x402 protocol aims to solve the core payment dilemma in the AI ​​Agent economy through blockchain technology, providing an autonomous and low-cost on-chain payment solution for high-frequency, small-amount transactions between AI Agents.

Pioneer's View: Crypto Celebrity Interviews

Pioneer's View: Crypto Celebrity Interviews

Exclusive interviews with crypto celebrities, sharing unique observations and insights

PAData: Web3 in Data

PAData: Web3 in Data

Data analysis and visual communication of industry hot spots help users understand the meaning and opportunities behind each data.

A complete review of the 1011 encryption storm

A complete review of the 1011 encryption storm

An in-depth review of the epic liquidation events of October 11: from the Trump tariff black swan event to high-leverage margin calls, stablecoin depegging, and market maker liquidity depletion.

ETHShanghai 2025: Discussing the Future of Ethereum

ETHShanghai 2025: Discussing the Future of Ethereum

The theme of this conference is "Expanding Ethereum, Shaping an Open Future". It is co-hosted by the Chinese-speaking blockchain builder community ETHPanda, Wanxiang Blockchain Labs, PANews and TinTinLand.

AI Agent: The Journey to Web3 Intelligence

AI Agent: The Journey to Web3 Intelligence

The AI Agen innovation wave is sweeping the world. How will it take root in Web3? Let’s embark on this intelligent journey together

App内阅读