Tag: Installing Malware

Bogus npm Packages Used to Trick Software Developers into Installing Malware
News

Bogus npm Packages Used to Trick Software Developers into Installing Malware

Software developers are the subject of a persistent social engineering campaign that poses as a job interview and uses fake npm packages to lure people into downloading a Python backdoor. Under the handle DEV#POPPER, cybersecurity company Securonix is monitoring the activity and connecting it to North Korean threat actors. According to security experts Den Iuzvyk, Tim Peck, and Oleg Kolesnikov, during these fake interviews, engineers are frequently required to carry out activities that entail downloading and running software from sources that seem trustworthy, like GitHub. Once the malicious Node JS payload in the app was executed, the developer's system was compromised read more Bogus npm Packages Used to Trick Software Developers into Installing Malware. Get up to date on the l...