Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
North Korean Supply Chain Cyber Attacks on Open Source Developers

North Korean Supply Chain Cyber Attacks on Open Source Developers

Posted on July 6, 2026 By CWS

North Korean cybercriminals have launched a sophisticated campaign targeting open source software developers. The initiative, identified by cybersecurity firm Socket, involves using a backdoor and an information-stealing mechanism to infiltrate software supply chains.

Details of the PolinRider Campaign

Operating under the name PolinRider, this campaign has been active since December 2025. Hackers have been injecting compromised GitHub repositories with JavaScript loaders, leading unsuspecting users to the DEV#POPPER remote access trojan (RAT) and the OmniStealer information stealer.

PolinRider is part of the larger Contagious Interview operation, which shares tactics with campaigns like DeceptiveDevelopment and Operation Dream Job. The primary targets are developers using platforms such as NPM, Packagist, Go modules, and Chrome extensions.

Scope and Impact of the Attack

To date, Socket has discovered 162 malicious artifacts within 108 distinct packages, and the numbers are expected to rise. Attackers compromise maintainer accounts to alter legitimate repositories, pushing infected packages to unsuspecting developers.

These cybercriminals use Git history rewriting to disguise the age of malicious changes, further complicating detection efforts. The altered repositories include obfuscated JavaScript loaders that connect to blockchain and public RPC infrastructure, facilitating encrypted payload retrieval.

Response and Recommendations

One notable incident involved the compromise of the Xpos587 GitHub account, where repositories were tampered with on June 23. The campaign has since extended to Packagist, compromising packages under the sevenspan namespace during a cleanup operation.

Socket advises any teams that installed affected packages or extensions to consider their environments compromised. It’s crucial to conduct remediation from a clean machine, as PolinRider targets developer setups and may risk exposing sensitive credentials.

Security professionals emphasize the need for ongoing vigilance as these attacks highlight the vulnerabilities in software supply chains, particularly in open source environments.

Security Week News Tags:Cybersecurity, developer security, GitHub, information stealer, JavaScript loaders, North Korea, Open Source, PolinRider, remote access trojan, supply chain attacks

Post navigation

Previous Post: Cybersecurity Weekly: Proxy Networks and AI Threats
Next Post: ModSecurity Flaws Allow Firewall Rule Bypass

Related Posts

Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia Chipmaker Patch Tuesday: Many Vulnerabilities Addressed by Intel, AMD, Nvidia Security Week News
European Commission Probes Cyberattack on IT Systems European Commission Probes Cyberattack on IT Systems Security Week News
Perspective: Why Politics in the Workplace is a Cybersecurity Risk Perspective: Why Politics in the Workplace is a Cybersecurity Risk Security Week News
Canvas Restores Access After Cyberattack Disruption Canvas Restores Access After Cyberattack Disruption Security Week News
Bonfy.AI Raises .5 Million for Adaptive Content Security Platform Bonfy.AI Raises $9.5 Million for Adaptive Content Security Platform Security Week News
Security Concerns Rise with AI-Driven Vibe Coding Security Concerns Rise with AI-Driven Vibe Coding Security Week News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Linux Bad Epoll Vulnerability Exposes Critical Root Access Risk
  • Chinese Hackers Use Fake Tax Tools in India to Deploy DcRAT
  • ModSecurity Flaws Allow Firewall Rule Bypass
  • North Korean Supply Chain Cyber Attacks on Open Source Developers
  • Cybersecurity Weekly: Proxy Networks and AI Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Linux Bad Epoll Vulnerability Exposes Critical Root Access Risk
  • Chinese Hackers Use Fake Tax Tools in India to Deploy DcRAT
  • ModSecurity Flaws Allow Firewall Rule Bypass
  • North Korean Supply Chain Cyber Attacks on Open Source Developers
  • Cybersecurity Weekly: Proxy Networks and AI Threats

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark