North Korean Hackers Target Open Source Developers in Supply Chain Attacks
North Korean hackers are targeting open source software developers with a backdoor and an information stealer as part of a broad supply chain campaign, Socket reports.
Referred to as PolinRider, the campaign has been ongoing since December 2025, using compromised GitHub repositories injected with JavaScript loaders leading to the DEV#POPPER remote access trojan (RAT) and the OmniStealer information stealer.
Associated with the broader Contagious Interview operation, which includes tactics also seen in the DeceptiveDevelopment, Operation Dream Job, and ClickFake Interview campaigns, PolinRider is targeting developers across NPM, Packagist, Go modules, and Chrome extensions.
To date, Socket has identified 162 malicious release artifacts across 108 unique packages, with more expected to emerge as the campaign continues.
As part of the attacks, the threat actor compromises maintainer accounts to tamper with legitimate repositories and push infected packages. Additionally, the attackers rely on Git history rewriting to make the malicious...
Copyright of this story solely belongs to securityweek.com. To see the full text click HERE