N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

2026-04-08

1 min read

by info@thehackernews.com (The Hacker News)

Read Original

Get the latest tech trends every morning

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Endigest AI Core Summary

North Korean threat actors behind the 'Contagious Interview' campaign have distributed over 1,700 malicious packages across npm, PyPI, Go, Rust, and PHP ecosystems since January 2025.

•Packages impersonate legitimate developer tooling while functioning as malware loaders that fetch second-stage payloads with infostealer and RAT capabilities
•The Windows variant via 'license-utils-kit' includes a full post-compromise implant supporting keylogging, browser data theft, AnyDesk deployment, and additional module downloads
•Malicious code is embedded inside legitimate-looking functions rather than triggered at install time, e.g., hidden within 'Logger::trace(i32)' in the 'logtrace' package
•UNC1069 (overlapping with BlueNoroff/Sapphire Sleet) conducts multi-week social engineering via Telegram, LinkedIn, and Slack using fake Zoom/Teams links to deliver ClickFix-like malware

N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust

Get the latest tech trends every morning

Endigest AI Core Summary

Related Articles

Guardrails at the gateway: Securing AI inference on GKE with Model Armor

EngageLab SDK Flaw Exposed 50M Android Users, Including 30M Crypto Wallets

ThreatsDay Bulletin: Hybrid P2P Botnet, 13-Year-Old Apache RCE and 18 More Stories

Adobe Reader Zero-Day Exploited via Malicious PDFs Since December 2025