North Korean Hackers Target Developers Through Fake Rollup npm Packages as Supply Chain Attacks Intensify

Introduction

The open source ecosystem continues to face relentless attacks as cybercriminals increasingly exploit the trust developers place in package repositories. In the latest discovery, cybersecurity researchers have uncovered a sophisticated campaign linked to North Korean threat actors that abused the npm ecosystem by publishing malicious packages disguised as legitimate Rollup polyfill tools. These fake packages were carefully crafted to appear authentic while secretly deploying malware capable of stealing sensitive information, gaining remote access to infected systems, and compromising development environments.

The campaign highlights an alarming evolution in software supply chain attacks. Rather than directly targeting organizations, attackers are compromising the tools developers rely on every day, turning trusted dependencies into highly effective infection vectors capable of reaching source code repositories, cloud environments, cryptocurrency wallets, and enterprise infrastructure.

Fake Rollup Packages Become a New Weapon

Security researchers at JFrog identified two malicious npm packages named rollup-packages-polyfill-core and rollup-runtime-polyfill-core. Both were intentionally designed to closely imitate the legitimate rollup-plugin-polyfill-node package.

The attackers copied nearly everything from the genuine project, including package descriptions, repository information, metadata, naming conventions, and overall package structure. During a quick dependency review, these malicious packages appeared convincing enough to avoid immediate suspicion.

This level of impersonation demonstrates how attackers understand developer behavior. Many software engineers quickly review package names without performing deep verification, especially when working under tight deadlines.
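
The impersonation described above can be screened for mechanically. The following is an added example, not code from JFrog or from the packages discussed: it flags dependency names that reuse the distinctive tokens of a trusted package. The TRUSTED allowlist, the GENERIC stop list, the minShared threshold and the name "rollup-plugin-example" are assumptions made for illustration.

```javascript
// Added example: flag dependency names that reuse the distinctive tokens of a trusted package.
// Assumption: TRUSTED is the team's own allowlist; GENERIC is a hand-picked stop list.
const TRUSTED = ["rollup-plugin-polyfill-node"];
const GENERIC = new Set(["plugin", "core", "js", "lib", "utils"]);

// Split a package name into lowercase tokens, dropping generic ecosystem words.
function distinctiveTokens(name) {
  return name.toLowerCase().split(/[^a-z0-9]+/).filter((t) => t && !GENERIC.has(t));
}

// A candidate is a lookalike when it is not itself trusted but shares at least
// `minShared` distinctive tokens with a trusted name.
function findLookalikes(candidates, trusted = TRUSTED, minShared = 2) {
  const hits = [];
  for (const name of candidates) {
    if (trusted.includes(name)) continue;
    const mine = new Set(distinctiveTokens(name));
    for (const ref of trusted) {
      const shared = distinctiveTokens(ref).filter((t) => mine.has(t));
      if (shared.length >= minShared) hits.push({ name, resembles: ref, shared });
    }
  }
  return hits;
}

// Names from the article plus one constructed benign name for contrast.
const DEPENDENCIES = [
  "rollup-plugin-polyfill-node",    // the legitimate package
  "rollup-packages-polyfill-core",  // reported impersonator
  "rollup-runtime-polyfill-core",   // reported impersonator
  "rollup-plugin-polyfill-connect", // reported second-stage package
  "quirky-token",                   // reported second-stage package
  "rollup-plugin-example",          // constructed benign name
];

console.log(findLookalikes(DEPENDENCIES).map((h) => h.name));
```

Name similarity only catches packages that borrow from a trusted name; a package such as quirky-token shares nothing with it and has to be caught by other means, such as a lockfile audit.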

Hidden Second-Stage Malware

The attack did not stop at fake package names.

Researchers discovered that, once installed, the malicious packages secretly pulled in additional payloads.

The second-stage packages included:

quirky-token

react-icon-svgs

rollup-plugin-polyfill-connect

swift-parse-stream

These packages were also disguised as harmless utilities, primarily SVG processing libraries. Behind the scenes, however, they contacted remote infrastructure through JSONKeeper, downloaded hidden JavaScript payloads, and executed them directly within the victim’s environment.

Using layered payloads significantly complicates detection because the first package often appears relatively harmless while the actual malware arrives later.

Environment Detection Helps Malware Stay Hidden

One of the most sophisticated elements of this campaign is its extensive anti-analysis functionality.

Before activating its malicious payload, the malware checks whether it is running inside:

Cloud Development Platforms

Cloud-based coding environments are commonly monitored by security researchers. The malware attempts to avoid executing within these systems.

Sandbox Environments

Automated malware analysis systems often rely on isolated sandboxes. Detecting these environments helps attackers remain undetected.

Serverless Platforms

Serverless runtimes are frequently used for automated testing. Execution is avoided if these environments are detected.

Security Research Infrastructure

Various indicators are examined to determine whether researchers are inspecting the malware.

Only after successfully bypassing these checks does the malware proceed to its next stage.

Remote Access Capabilities Go Far Beyond Credential Theft

After evading analysis environments, the malware contacts an external command server to download encrypted JavaScript code.

Once decrypted, the final payload provides attackers with extensive control over infected systems.

Researchers observed capabilities including:

Interactive terminal sessions

Remote command execution

Screenshot collection

Process termination

Clipboard monitoring

File collection

Browser credential theft

Cryptocurrency wallet theft

Keyboard simulation

Mouse movement

Mouse clicks

Mouse scrolling

Keyboard shortcuts

Using the @nut-tree-fork/nut-js package, attackers can remotely interact with Windows systems almost as though they were physically sitting in front of the computer.

Developer Workstations Are Prime Targets

Unlike traditional malware focused on ordinary users, this campaign specifically targets software developers.

Modern developer machines frequently contain:

Git credentials

SSH private keys

Cloud provider credentials

npm authentication tokens

Source code

API secrets

AI platform credentials

CI/CD configurations

Deployment keys

Compromising just one developer workstation can provide attackers with access to an organization’s entire software supply chain.

AI Development Tools Also Become Valuable Targets

The malware specifically searches for configuration files associated with numerous developer and AI platforms.

Researchers observed targeted collection of:

Microsoft Visual Studio Code

Cursor

Windsurf

AWS configurations

Microsoft Azure credentials

Google Gemini configurations

Anthropic Claude settings

Foundry configurations

SSH keys

Z shell history

The inclusion of AI-related configurations demonstrates that attackers recognize how valuable modern AI development environments have become.

Links to Previous Lazarus Campaigns

Researchers noted multiple similarities with earlier campaigns attributed to North Korean threat actors, particularly those associated with the Lazarus Group.

Earlier investigations documented npm packages distributing malware families such as:

BeaverTail

OtterCookie

Both malware families have previously appeared in operations targeting developers through fake job interviews and software development projects.

Several technical characteristics overlap strongly with those earlier campaigns, including package naming strategies, execution flow, remote control features, and credential theft mechanisms.

Supply Chain Attacks Continue to Expand

The Rollup impersonation campaign is only one part of a much broader wave of software supply chain attacks.

Researchers from Checkmarx, SafeDep, AWS, and other security organizations recently uncovered multiple malicious ecosystems operating across npm and PyPI.

Among the latest discoveries were trojanized Pyrogram forks capable of granting full remote control through hidden Python backdoors. Additional npm packages impersonated Polymarket development tools while stealing browser credentials, cryptocurrency wallet data, AWS credentials, SSH keys, Docker configurations, password manager databases, and developer secrets.

Other campaigns included fake credential monitoring SDKs containing hidden backdoors, Rust-based malware delivered through post-install scripts, cryptocurrency wallet stealers communicating through Slack and Telegram, and malware using Ethereum smart contracts as dead-drop command channels.

One particularly advanced attack separated its malicious logic between a harmless npm package and a GitHub-hosted dependency, allowing it to bypass many automated security scanners commonly used during dependency reviews.

Why Open Source Trust Is Being Exploited

Open source repositories have become one of the most attractive attack surfaces in cybersecurity.

Millions of developers automatically install third-party packages every day. Most dependencies are trusted based on popularity or familiar naming conventions rather than detailed code inspection.

Threat actors exploit this behavior by publishing packages whose names closely resemble legitimate libraries.

A single accidental installation can immediately expose development environments containing valuable intellectual property, production credentials, cloud infrastructure access, and sensitive enterprise secrets.

As organizations continue adopting DevOps automation and AI-assisted coding, software supply chain attacks are likely to become even more damaging.

Deep Analysis: Linux Commands That Help Detect Suspicious npm Activity

Security teams can improve visibility into development environments using common Linux commands alongside automated dependency scanning.

Useful commands include:

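# Dependency tree, known advisories and npm client health
npm ls
npm audit
npm doctor
npm cache verify
cat package.json
cat package-lock.json
find ~/.npm -type f

# Install hooks and dynamic-execution patterns in the project tree
grep -R postinstall .
grep -R preinstall .
grep -R "eval(" .
grep -R child_process .
grep -R "exec(" .
grep -R "spawn(" .

# Shell history, environment and running processes
history
env
printenv
ps aux

# Listening sockets and open network connections
netstat -tulpn
ss -tulpn
lsof -i

# Registry reachability and lockfile fingerprint
curl -I https://registry.npmjs.org
sha256sum package-lock.json

# JavaScript files, credential directories and system logs
find . -name "*.js"
find ~/.ssh
ls -la ~/.aws
journalctl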

Administrators should regularly audit dependency trees, verify package integrity, monitor post-install scripts, inspect network connections initiated by development environments, and rotate credentials immediately after discovering suspicious package installations. Automated Software Composition Analysis (SCA), dependency pinning, integrity verification, and continuous monitoring should become standard practices across CI/CD pipelines. Combining package reputation analysis with runtime behavior monitoring provides significantly better protection than relying solely on static dependency scanning.
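
The dependency-tree and install-script audit recommended above can be automated against the lockfile. The following is an added example, not code from the researchers or from npm: it walks a parsed package-lock.json (lockfileVersion 2 or 3) and reports packages named in this article, packages that declare install scripts, and packages resolved from outside the public registry. The sample lockfile, its versions and URLs, and the "example-*" and "demo-app" names are constructed.

```javascript
// Added example: audit a parsed package-lock.json (lockfileVersion 2 or 3).
const REGISTRY = "https://registry.npmjs.org/";

// Package names reported in the article (first stage, then second stage).
const REPORTED = new Set([
  "rollup-packages-polyfill-core", "rollup-runtime-polyfill-core",
  "quirky-token", "react-icon-svgs",
  "rollup-plugin-polyfill-connect", "swift-parse-stream",
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(path) {
  const marker = "node_modules/";
  const i = path.lastIndexOf(marker);
  return i === -1 ? path : path.slice(i + marker.length);
}

// Returns one finding per (package, reason) pair.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip root project and workspace links
    const name = entry.name || nameFromPath(path);
    const add = (reason) => findings.push({ name, version: entry.version, reason });
    if (REPORTED.has(name)) add("reported-malicious");
    if (entry.hasInstallScript) add("install-script");
    if (entry.resolved && !entry.resolved.startsWith(REGISTRY)) add("non-registry-source");
  }
  return findings;
}

// Constructed sample: versions, URLs and the "example-*" names are made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/rollup-runtime-polyfill-core": {
      version: "1.0.0",
      resolved: REGISTRY + "rollup-runtime-polyfill-core/-/rollup-runtime-polyfill-core-1.0.0.tgz",
    },
    "node_modules/example-lib/node_modules/example-git-dep": {
      version: "1.0.0", hasInstallScript: true,
      resolved: "git+ssh://git@github.com/example/example-git-dep.git#0000000",
    },
  },
};

console.log(auditLockfile(SAMPLE_LOCK));
```

To run it on a real project, pass the result of JSON.parse on the contents of package-lock.json. An install-script or non-registry finding is a prompt for review, not proof of compromise.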

What Undercode Say:

The latest npm campaign demonstrates that software supply chain attacks are rapidly becoming one of the most dangerous threats facing modern software development.

Rather than attacking enterprise infrastructure directly, threat actors increasingly target developers because they represent the shortest path to privileged environments.

This campaign illustrates exceptional operational planning.

Instead of delivering malware immediately, attackers split execution across multiple packages.

Layered payload delivery significantly reduces detection rates.

Package impersonation continues to prove highly effective.

Many organizations still depend heavily on package names instead of cryptographic verification.

The attackers also invested heavily in believable metadata.

Copying repository information increases user confidence.

The environmental detection routines show clear operational maturity.

Avoiding cloud IDEs and security sandboxes reduces exposure.

The

Interactive desktop control greatly increases attacker flexibility.

Clipboard monitoring suggests interest in cryptocurrency theft.

Searching for AI configuration files reflects changing attacker priorities.

Developer workstations now contain far more valuable assets than traditional office computers.

Cloud credentials can enable immediate lateral movement.

SSH keys may provide persistent infrastructure access.

Source code theft creates long-term strategic risks.

CI/CD compromise could poison software releases.

Dependency confusion remains an underestimated problem.

Typosquatting continues to succeed despite years of awareness campaigns.

Organizations should implement package allowlists whenever possible.

Software bills of materials improve visibility.

Continuous dependency monitoring should become mandatory.

Manual code reviews remain important.

Runtime monitoring is equally critical.

Behavioral detection often identifies attacks missed by signature-based scanners.

Credential rotation should follow every confirmed compromise.

Package provenance verification is becoming increasingly necessary.

Cryptographic signing will likely become more widespread.

AI-assisted development introduces new security challenges.

Security awareness training must evolve alongside developer tooling.

Third-party package governance deserves executive attention.

Open source remains essential for innovation.

However, trust should never replace verification.

Organizations that proactively secure their development pipelines will significantly reduce exposure to future supply chain attacks.

✅ Confirmed: JFrog documented malicious npm packages impersonating legitimate Rollup polyfill tooling and linked the campaign to techniques previously associated with North Korean threat actors.

✅ Confirmed: The malware includes credential theft, remote access capabilities, environment detection, and developer-focused data collection targeting cloud credentials, SSH keys, browser data, and cryptocurrency wallets.

✅ Partially Confirmed: While multiple technical similarities connect this activity to previous Lazarus operations, attribution in cyber threat intelligence is based on behavioral and infrastructure analysis rather than absolute public proof, meaning attribution remains a high-confidence assessment rather than unquestionable fact.

Prediction

(+1) Software registries will continue strengthening automated detection systems for malicious packages using behavioral analysis instead of simple signature matching.

(+1) Organizations will increasingly adopt software provenance verification, signed packages, and stricter dependency governance across CI/CD pipelines.

(-1) Threat actors will continue producing increasingly convincing fake packages targeting AI developers, cloud engineers, cryptocurrency users, and open source maintainers, making software supply chain attacks more sophisticated in the coming years.

References:

Reported By: thehackernews.com