Security News > 2024 > April > Bogus npm Packages Used to Trick Software Developers into Installing Malware
2024-04-27 05:12
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked
News URL
https://thehackernews.com/2024/04/bogus-npm-packages-used-to-trick.html
Related news
- BeaverTail Malware Resurfaces in Malicious npm Packages Targeting Developers (source)
- Malware Campaign Uses Ethereum Smart Contracts to Control npm Typosquat Packages (source)
- Malicious NPM Packages Target Roblox Users with Data-Stealing Malware (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)