North Korean Hackers Weaponized 67 Malicious npm Packages to Deliver XORIndex Malware
Activity Timeline
Jul 15, 10:57 - GB Hackers: North Korean Hackers Exploit Zoom Invites in Attac...
Jul 15, 12:45 - GB Hackers: North Korean Hackers Exploit 67 Malicious npm Pack...
Jul 15, 17:47 - BleepingComputer: North Korean XORIndex malware hidden in 67 malicio...
Jul 16, 04:26 - Cybersecurity News (Primary Article): North Korean Hackers Weaponized 67 Malicious npm P...
Primary Article
Cybersecurity News 3 hours ago
North Korean threat actors have escalated their software supply chain attacks with the deployment of 67 malicious npm packages that collectively garnered over 17,000 downloads before detection.
This latest campaign represents a significant expansion of the ongoing “Contagious Interview” operation, introducing a previously unreported malware loader dubbed XORIndex alongside the existing HexEval Loader infrastructure.
The newly discovered XORIndex malware, named for its distinctive use of XOR-encoded strings and index-based obfuscation techniques, demonstrates the threat actors’ continued evolution in developing sophisticated evasion mechanisms.
The malicious packages infiltrated the npm ecosystem through 18 different accounts registered with 15 distinct email addresses, with 27 packages remaining active on the registry at the time of discovery.
Socket.dev analysts identified this campaign as part of a broader North Korean cyber espionage effort targeting developers, cryptocurrency holders,...
North Korean XORIndex malware hidden in 67 malicious npm packages
Bill Toulas
July 15, 2025
01:47 PM
North Korean threat actors planted 67 malicious packages in the Node Package Manager (npm) online...
North Korean Hackers Exploit 67 Malicious npm Packages to Spread XORIndex Malware
The Socket Threat Research Team has discovered a new software supply chain attack that uses a malware loader called XO...
North Korean Hackers Exploit Zoom Invites in Attacks on Crypto Companies
Cybersecurity firm SentinelOne has exposed an ongoing malware campaign orchestrated by North Korean threat actors, known for th...