North Korea-Linked npm Packages Masquerade as Rollup Polyfills to Exfiltrate Developer Secrets

Published:

spot_img

North Korea-Linked npm Packages Masquerade as Rollup Polyfills to Exfiltrate Developer Secrets

Recent cybersecurity developments have revealed a new wave of malicious npm packages linked to North Korean threat actors. These packages, disguised as Rollup polyfill tools, are designed to facilitate remote access and data theft, raising significant concerns for developers and organizations relying on open-source software.

Malicious Packages Identified

Security researchers from JFrog have identified two primary malicious packages: rollup-packages-polyfill-core and rollup-runtime-polyfill-core. These packages closely mimic the legitimate rollup-plugin-polyfill-node project, replicating its description, repository metadata, and overall structure. Such mimicry can easily mislead developers during a cursory review of dependencies.

The malicious campaign also involved four additional packages that have since been removed from the npm registry:

  • quirky-token
  • react-icon-svgs
  • rollup-plugin-polyfill-connect
  • swift-parse-stream

Notably, rollup-packages-polyfill-core installs and loads swift-parse-stream, while rollup-runtime-polyfill-core installs quirky-token. Similarly, react-icon-svgs has been found to install rollup-plugin-polyfill-connect as a secondary stage.

Layered Attack Structure

The second-stage packages are designed to appear as SVG utilities that fetch JSON objects from JSONKeeper and evaluate the model field. This layered approach, combined with lookalike names and legitimate-looking metadata, employs hidden install-time execution and environment checks. These tactics align with previous npm campaigns linked to North Korean actors, particularly those associated with the Lazarus Group.

This is not the first instance of North Korean threat actors using npm packages to impersonate Rollup polyfill tools. In April 2026, a campaign was documented involving the publication of 108 malicious npm packages, delivering malware families known as BeaverTail and OtterCookie. Among these was rollup-plugin-polyfill-route, published on March 20, 2026.

Technical Mechanisms of the Attack

The attack begins with a Base64-encoded npm install command for either swift-parse-stream or quirky-token, concealed within the malicious packages. These second-stage packages masquerade as SVG sanitization utilities while reaching out to a JSON Keeper URL to execute JavaScript malware.

The JavaScript code includes checks to prevent execution in cloud development environments, sandboxes, serverless runtimes, and analysis infrastructures. Once bypassed, the malware installs necessary dependencies and connects to an external server (216.126.236[.]244) to retrieve an encrypted JavaScript payload.

The decrypted payload acts as a loader for additional scripts that enable remote access to the compromised host. This includes functionalities for interactive terminal sessions, command execution, screenshot capture, and data theft from web browsers and cryptocurrency wallets. The malware can also collect files with specific extensions and periodically capture clipboard content.

Broader Implications for Developers

The features of this malware overlap with those of the OtterCookie malware, particularly in its use of the @nut-tree-fork/nut-js package for remote mouse and keyboard control. This functionality has also been observed in other malicious packages, such as express-session-js.

JFrog highlights that Rollup plugins are often loaded from local configuration files, developer workstations, and CI jobs, which frequently have access to sensitive assets, including source code, npm tokens, Git credentials, cloud keys, SSH keys, browser data, and project secrets. The payload is not merely a downloader; it provides attackers with both collection and control capabilities, making it particularly relevant to developer workstations and build machines.

Recent Trends in Software Supply Chain Attacks

The discovery of these malicious npm packages coincides with a broader trend of software supply chain attacks. Recent reports from Checkmarx, SafeDep, and AWS security researcher Chi Tran have highlighted multiple incidents aimed at poisoning open-source package repositories and stealing valuable data.

For instance, a cluster of at least eight trojanized “pyrogram” forks was published by a threat actor operating under various identities between November 2025 and June 2026. This included a hidden backdoor that grants full remote control over any server running the infected PyPI package. This activity has been designated as Operation Navy Ghost by Checkmarx.

Another cluster of 30 npm packages mimicking Polymarket tooling targeted DeFi developers, delivering a JavaScript infostealer that reads crypto wallet vaults, browser credentials, and other sensitive data. Additionally, a Python package claiming to be a data breach-monitoring tool was found to harbor code that launches a backdoor to exfiltrate SSH private keys and other credentials.

Recommendations for Users

Users who have installed any of the identified malicious packages are strongly advised to remove them from their workstations, assume compromise, rotate credentials, and block malicious egress channels. Enabling dependency scanning in CI/CD pipelines can help flag newly published or suspicious packages.

For further details on this incident and other cybersecurity developments, refer to the original reporting source: thehackernews.com.

Keep reading for the latest cybersecurity developments, threat intelligence and breaking updates from across the Middle East.

spot_img

Related articles

Recent articles

UK’s National Cyber Action Plan Delayed Amid Labour Leadership Crisis

UK's National Cyber Action Plan Delayed Amid Labour Leadership Crisis Britain's National Cyber Action Plan, a crucial initiative aimed at bolstering the economy against state-sponsored...

HPE Advances Virtualisation Strategy to Combat Rising Costs and Meet AI Demands

HPE Advances Virtualisation Strategy to Combat Rising Costs and Meet AI Demands As enterprises grapple with escalating licensing costs, increasing demands for artificial intelligence (AI),...

Lenovo Strengthens Security Services with Revamped Cyber Resiliency Framework to Cut Downtime by 50%

Lenovo Strengthens Security Services with Revamped Cyber Resiliency Framework to Cut Downtime by 50% Lenovo is enhancing its global Security Services portfolio with a comprehensive...

US Lifts Export Controls on Anthropic’s Fable 5 Cybersecurity AI Model After Three-Week Shutdown

US Lifts Export Controls on Anthropic's Fable 5 Cybersecurity AI Model After Three-Week Shutdown In a significant development for the cybersecurity landscape, Anthropic has restored...