North Korean Hackers Weaponized 67 Malicious npm Packages to Deliver XORIndex Malware

Activity Timeline

North Korean Hackers Exploit Zoom Invites in Attac...
GB Hackers
Jul 15
10:57
North Korean Hackers Exploit 67 Malicious npm Pack...
GB Hackers
Jul 15
12:45
North Korean XORIndex malware hidden in 67 malicio...
BleepingComputer
Jul 15
17:47
North Korean Hackers Weaponized 67 Malicious npm P...
Cybersecurity News
Primary Article
Jul 16
04:26
North Korean threat actors have escalated their software supply chain attacks with the deployment of 67 malicious npm packages that collectively garnered over 17,000 downloads before detection. This latest campaign represents a significant expansion of the ongoing “Contagious Interview” operation, introducing a previously unreported malware loader dubbed XORIndex alongside the existing HexEval Loader infrastructure. The newly discovered XORIndex malware, named for its distinctive use of XOR-encoded strings and index-based obfuscation techniques, demonstrates the threat actors’ continued evolution in developing sophisticated evasion mechanisms. The malicious packages infiltrated the npm ecosystem through 18 different accounts registered with 15 distinct email addresses, with 27 packages remaining active on the registry at the time of discovery. Socket.dev analysts identified this campaign as part of a broader North Korean cyber espionage effort targeting developers, cryptocurrency holders,...
