Dozens of malicious NPM packages deployed in new Contagious Interview attack wave

North Korean state-sponsored threat actors have uploaded 35 malicious NPM packages to compromise software engineers with backdoors in a new wave of attacks that is part of the Contagious Interview campaign, according to The Hacker News. All of the NPM packages, which have amassed more than 4,000 downloads, contained the HexEval loader, which enables the gathering of host details and the deployment of a payload delivering the BeaverTail information-stealing malware; that malware then executes the InvisibleFerret backdoor, which allows data exfiltration and remote device control, a report from Socket revealed. Most of the offending packages have already been removed from the NPM repository.

"This malicious campaign highlights an evolving tradecraft in North Korean supply chain attacks, one that blends malware staging, OSINT-driven targeting, and social engineering to compromise developers through trusted ecosystems," said Socket researchers. Such findings come after other versions of the Contagious Interview campaign were reported to have involved the ClickFix social engineering technique.