North Korean threat actors have expanded their Contagious Interview campaign through malicious npm packages that deliver BeaverTail malware and a new Remote Access Trojan (RAT) loader. These packages, which mimicked legitimate utilities, were downloaded over 5,600 times before being removed. Researchers noted the use of hexadecimal string encoding to avoid detection, showcasing an evolution in the threat's obfuscation methods. Among these, dev-debugger-vite was identified with connections to previous malicious campaigns, emphasizing the actors' strategy of infiltrating developer environments under the guise of job interviews to enable data theft and system infiltration.
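The hexadecimal string encoding mentioned above can be surfaced during package review with a static scan of the source text. The following is an added example, not code from the researchers or from the packages themselves; the two encoding forms it checks, the keyword list and the sample input are assumptions constructed for illustration.

```javascript
// Added example: flag string literals that hide text behind hexadecimal encoding.
// Assumption: two forms are covered, "\x72\x65..." escape runs and plain
// hex-digit strings such as "72657175697265"; the page does not say which was used.
const SUSPICIOUS = ["require", "child_process", "eval", "exec", "http://", "https://"];
const isPrintable = (s) => /^[\x20-\x7e]+$/.test(s);
const decodeHexDigits = (hex) => Buffer.from(hex, "hex").toString("latin1");

function findHexEncodedStrings(source) {
  const findings = [];
  // Quoted literals (single, double or backtick), tolerating escaped characters.
  const literalRe = /(["'`])((?:\\.|(?!\1)[^\\])*)\1/g;
  for (const m of source.matchAll(literalRe)) {
    const body = m[2];
    let decoded = null, form = null;
    if (/^(?:\\x[0-9a-fA-F]{2}){4,}$/.test(body)) {
      decoded = decodeHexDigits(body.replace(/\\x/g, ""));
      form = "escape";
    } else if (/^(?:[0-9a-fA-F]{2}){4,}$/.test(body)) {
      decoded = decodeHexDigits(body);
      form = "digits";
    }
    // Hex that does not decode to printable text (hashes, colours) is ignored.
    if (decoded === null || !isPrintable(decoded)) continue;
    const hits = SUSPICIOUS.filter((t) => decoded.toLowerCase().includes(t));
    const line = source.slice(0, m.index).split("\n").length;
    findings.push({ line, form, decoded, hits });
  }
  return findings;
}

// Constructed sample input, not taken from any real package.
const SAMPLE = [
  'const a = "\\x72\\x65\\x71\\x75\\x69\\x72\\x65";',
  "const b = '68747470733a2f2f6578616d706c652e696e76616c6964';",
  'const c = "deadbeef";',
  'const d = "hello world";',
].join("\n");
console.log(findHexEncodedStrings(SAMPLE));
```

Findings with a non-empty `hits` list are the ones to review first; the rest are decoded text that merely happened to be hex-encoded.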
The packages in question, which were collectively downloaded more than 5,600 times prior to their removal, are listed below -