惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Security Archives - TechRepublic
Security Archives - TechRepublic
Project Zero
Project Zero
K
Kaspersky official blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
T
The Blog of Author Tim Ferriss
Cyberwarzone
Cyberwarzone
Y
Y Combinator Blog
Recorded Future
Recorded Future
Blog — PlanetScale
Blog — PlanetScale
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
Microsoft Security Blog
Microsoft Security Blog
H
Help Net Security
S
Schneier on Security
P
Palo Alto Networks Blog
H
Hacker News: Front Page
N
News and Events Feed by Topic
N
Netflix TechBlog - Medium
博客园 - Franky
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
SecWiki News
SecWiki News
Cloudbric
Cloudbric
TaoSecurity Blog
TaoSecurity Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The Hacker News
The Hacker News
C
Check Point Blog
L
LangChain Blog
腾讯CDC
小众软件
小众软件
T
Tenable Blog
Google DeepMind News
Google DeepMind News
GbyAI
GbyAI
L
LINUX DO - 最新话题
A
About on SuperTechFans
Google Online Security Blog
Google Online Security Blog
C
Cisco Blogs
Recent Announcements
Recent Announcements
Hacker News: Ask HN
Hacker News: Ask HN
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
雷峰网
雷峰网
美团技术团队
D
DataBreaches.Net
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
F
Full Disclosure
博客园_首页

Socket

Suno Breached via Shai-Hulud Worm, Leaked Code Exposes AI Mu... Next.js moves to scheduled security releases - Socket 11 Malicious NuGet Tools Pose as Game Cheats to Drop a Windo... Compromised npm Packages in the AsyncAPI Namespace Deliver M... jscrambler npm Package Compromised in Supply Chain Attack - ... Fake Braintree NuGet Package Skims Credit Cards and Harvests... Compromised Injective SDK npm Package Exfiltrates Wallet Key... npm v12 Ships With Install Scripts Off by Default, Begins De... Malicious Go Module Exposes GitHub Malware Lure Network Span... pnpm 11.10 Hardens Registry Authentication to Block Token Re... Coordinated npm and PyPI Campaign Typosquats Popular Secure ... Node.js Considers Public Workflow for Security Reports Amid ... Risky Biz Podcast: AI Agents Are Raising the Stakes for Soft... Chrome and Firefox Extensions Posing as Free VPNs Add Clipbo... Miasma Mini Shai-Hulud Hits ImmobiliareLabs npm Packages - S... Rolldown Pulls Rust React Compiler Integration After Binary ... Miasma Mini Shai-Hulud Hits LeoPlatform npm Packages and Git... Frontier AI Is Now Critical Infrastructure - Socket The Code You Didn't Write Is Still Yours to Defend - Socket GitHub Actions Checkout Now Blocks Risky pull_request_target... Introducing Repository Access Permissions and Custom Roles -... Socket MCP Adds Org Alerts, Threat Feed Review, and Package ... Socket Firewall Now Blocks Malicious VS Code and Open VSX Ex... 140+ Mastra npm Packages Compromised in Coordinated Supply C... npm Package Uses Prompt Injection and Token Flooding to Disr... Introducing Manifest Alerts - Socket GlassWASM: WebAssembly Malware Found in Trojanized Open VSX ... Socket for Linear Is Now Available - Socket US Government Forces Anthropic to Pull Claude Fable Days After Launch 152 Chrome Live Wallpaper Extensions Hid Ad Tracking and Faked Google Search Traffic Andrew Becherer Joins Socket as Chief Information Security Officer Socket Partners with Replit to Block Malicious Packages in AI-Powered Development npm Tooling Bug Incorrectly Marks One-Character Packages as Security Holders Mini Shai-Hulud, Miasma, and Hades Worms Target Bioinformatics and MCP Developers via Malicious PyPI Wheels Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems RubyGems Adds Cooldown Feature to Bundler for Newly Published Gems pnpm 11.5 Adds Support for Recognizing npm Staged Publishes pnpm 11.5 Adds Support for Recognizing npm Staged Publishes Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Federal Audit Finds NIST Wasted Funds With No Plan to Clear NVD Backlog Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages Famous Chollima Targets PHP Developers Through Compromised Packagist Package Famous Chollima Targets PHP Developers Through Compromised Packagist Package Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Rust Moves to Restrict LLM Use in Contributions After Months of Internal Debate Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Malicious NuGet Package Impersonates Sicoob SDK to Exfiltrate Banking Certificates and Passwords Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security Feross on TBPN: Socket's Series C and the State of Software Supply Chain Security OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI OSV Withdraws 157 Malware Reports After Automated False Positives Hit npm and PyPI TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io Laravel Lang Compromised with RCE Backdoor Across 700+ Versions Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects AI Has Taken Over Open Source npm Invalidates Granular Access Tokens as Mini Shai-Hulud Sweeps the Registry Coruna Respawned: Compromised art-template npm Package Leads to iOS Browser Exploit Kit Socket raises $60M Series C at $1B valuation led by Thrive Capital to secure AI-driven software development Socket Raises $60M Series C at a $1B Valuation to Help Enterprises Build Securely With AI Popular Go Decimal Library Targeted by Long-Running Typosquat with DNS Backdoor Active Supply Chain Attack Compromises @antv Packages on npm Popular node-ipc npm Package Infected with Credential Stealer TeamPCP and BreachForums Launch $1,000 Contest for Supply Chain Attacks Packagist Urges Immediate Composer Update After GitHub Actions Token Leak GemStuffer Campaign Abuses RubyGems as Exfiltration Channel Targeting UK Local Government Socket Named to Rising in Cyber 2026 List of Top Cybersecurity Startups TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud Supply-Chain Attack fsnotify Maintainer Dispute Sparks Supply Chain Concerns Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape 5 Malicious NuGet Packages Impersonate Chinese UI Libraries to Distribute Crypto Wallet and Credential Stealer pnpm 11 Adds Supply Chain Protection Defaults for Minimum Release Age and Exotic Subdependencies PyPI Fixes High-Severity Access Control Issues Found in Security Audit Malicious Ruby Gems and Go Modules Impersonate Developer Tools to Steal Secrets and Poison CI Mini Shai-Hulud Spreads to Packagist: Malicious Intercom PHP Package Follows npm Compromise Intercom’s npm Package Compromised in Ongoing Mini Shai-Hulud Worm Attack lightning PyPI Package Compromised in Supply Chain Attack Malicious npm Package Brand-Squats TanStack to Exfiltrate Environment Variables SAP CAP npm Packages Hit by Supply Chain Attack Socket Has Acquired Secure Annex 73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations Introducing Reachability for PHP Introducing Data Exports Malicious Checkmarx Artifacts Found in Official KICS Docker Repository and Code Extensions Introducing Organization Notifications in Socket Introducing Reports: An Extensible Reporting Framework for Socket Data Socket for Jira Is Now Available Socket Named Top Sales Organization by RepVue NIST Officially Stops Enriching Most CVEs as Vulnerability Volume Skyrockets Socket Selected for OpenAI's Cybersecurity Grant Program Feross on the 10 Minutes or Less Podcast: Nobody Reads the Code 108 Chrome Extensions Linked to Data Exfiltration and Session Theft via Shared C2 Infrastructure Node.js Drops Bug Bounty Rewards After Funding Dries Up The Hidden Blast Radius of the Axios Compromise
PolinRider: North Korea-Linked Supply Chain Campaign Expands...
Karlo Zanki · 2026-07-02 · via Socket

Sidebar CTA Background

Secure your dependencies with us

Socket proactively blocks malicious open source packages in your code.

Install

Socket Threat Research Team identified 162 malicious release artifacts across 108 packages and extensions in npm, Packagist, Go modules, and Chrome extensions, linking the activity to the broader North Korean Contagious Interview / Famous Chollima developer-targeting campaign.

PolinRider is a supply chain campaign linked to North Korean threat actors associated with the broader Contagious Interview / Famous Chollima activity cluster. Our latest findings show that the campaign has expanded beyond npm into additional open source ecosystems, with 162 malicious release artifacts identified across 108 unique packages, including compromise traces in 80 Go modules, 10 Packagist packages, and one Chrome extension. The campaign remains active, and new malicious packages are likely to continue appearing as threat actors compromise maintainer accounts, modify legitimate repositories, and publish infected package versions where they retain or obtain registry access.

The core tradecraft remains consistent across the campaign: threat actors plant obfuscated JavaScript loaders in legitimate repositories, conceal the code through whitespace padding or fake .woff2 font files, and trigger execution through developer tooling such as VS Code task files. The threat actors use Git history rewriting, including force pushes and anti-dated commits to make malicious changes appear older and less suspicious. This makes the GitHub landing page and visible commit history unreliable indicators of compromise; defenders should review repository activity logs, package release metadata, VS Code task configuration, and suspicious changes to configuration files.

Once deobfuscated, the payload functions as a JavaScript malware loader that reaches out to blockchain and public RPC infrastructure, including TRON, Aptos, and BNB Smart Chain services, retrieves encrypted second-stage payload material, decrypts it with embedded XOR keys, and executes the result with eval(). Current observed payloads include DEV#POPPER and OmniStealer, but the loader-based design means the campaign should be treated as capable of delivering additional malware. Teams that installed affected package versions should treat the environment as compromised, preserve forensic artifacts, rebuild from known-good lockfiles, rotate exposed secrets from a clean machine, and audit developer workstations and repositories for hidden execution paths.

PolinRider is ongoing, and Socket continues to identify fresh compromises, malicious package versions, and extensions tied to this campaign. Because the threat actors repeatedly compromise legitimate repositories and expand across ecosystems, additional affected artifacts are likely to surface. Socket is tracking the campaign on a live page, where affected packages, versions, and updates are added as they are confirmed: https://socket.dev/supply-chain-attacks/polinrider

New Packages, Old Techniques#

PolinRider’s typical operating pattern involves compromising legitimate GitHub repositories and planting malicious commits containing obfuscated JavaScript loaders. In many cases, the malicious code is inserted as a one-line payload and hidden from immediate view by padding the line with whitespace, pushing the executable code beyond the default screen width.

In some observed cases, the activity is consistent with GitHub maintainer-account takeover, potentially through expired domain takeover or another account recovery path. Once the threat actors control a maintainer account, they can modify multiple repositories and, where registry access is available, publish malicious package versions to downstream ecosystems.

One recent example is the Xpos587 GitHub account. Several repositories maintained by this account were modified in the same narrow time window on June 23 at 10:00 UTC. This synchronized update pattern is unlikely to reflect normal maintainer activity and is consistent with account-level compromise followed by bulk repository modification.

The Xpos587 repository list shows multiple unrelated projects updated in the same period, with aligned activity spikes across repositories. This pattern indicates coordinated account-level modification rather than ordinary per-project maintenance.

Commit history alone may not reveal the compromise. In some affected repositories, the visible GitHub file view and latest commit metadata appear benign, with changes dated months earlier and commit messages that resemble routine maintenance. This makes the repository appear trustworthy unless reviewers inspect additional GitHub activity signals.

The Xpos587/markfetch repository appears normal in the standard GitHub file view, with routine-looking commit messages and file timestamps dating back months. This view can obscure later evidence of malicious changes when repository history has been rewritten.

Evidence of Git history rewriting appears in the repository’s GitHub Activity tab. In this case, the Activity view shows a recent force push that modified prior commit history. As a result, the main repository page gives the impression that nothing changed recently, while the Activity tab reveals that older-looking commits were altered after the fact to insert malicious payloads.

GitHub Activity exposes the force push used to rewrite repository history. While the main file view suggests the repository had not changed for months, the Activity tab shows recent modification of older commits, consistent with backfilled malicious payload insertion.

When threat actors gain both repository access and the ability to publish to a package registry, the compromise can extend beyond GitHub into downstream package ecosystems. In the Xpos587 case, malicious versions of affected Go modules were published after repositories under the account were modified.

Socket flags a malicious Xpos587/git2md Go module release under the Xpos587 account, showing how repository compromise can propagate into published package artifacts when registry access is available.

We did not observe malicious releases from this maintainer’s PyPI account. This may indicate that the threat actors did not obtain the required PyPI publishing credentials, were blocked by PyPI security controls, or otherwise lacked the access needed to publish malicious Python package versions.

PolinRider Expands to Packagist#

Recent PolinRider activity shows the campaign expanding into Packagist, with several compromised packages identified under the sevenspan namespace, which is maintained by the 7span organization. Repository maintainers identified part of the compromise and removed fake .woff2 font files from affected GitHub repositories and packages.

The 7span commit timeline shows anti-dated January 8 commits associated with malicious payload insertion, followed by a May 16 commit removing PolinRider from one affected repository.

The cleanup did not remove all PolinRider payload variants. While the fake-font payloads were detected and removed, obfuscated JavaScript hidden in configuration files remained present in some affected repositories. This shows that remediation focused only on one payload-hiding method can miss other variants used by the same campaign.

The GitHub diff shows obfuscated JavaScript appended inside vite.config.js alongside normal configuration code. Because Git history was rewritten, the malicious code appears to be part of an older legitimate commit rather than a recent compromise.

We did not observe corresponding malicious npm releases from the same organization in this case. This suggests the threat actors may not have obtained the npm publishing secrets or registry access needed to push malicious versions to npm, even though related GitHub repositories were modified.

Payload Hiding and Loader Execution#

Across observed PolinRider variants, the malicious code typically functions as an obfuscated JavaScript loader after deobfuscation. In some cases, the loader reaches out to blockchain and public RPC infrastructure, including TRON, Aptos, and BNB Smart Chain services, retrieves encrypted second-stage payload material, decrypts it with embedded XOR keys, and executes the result with eval(). Observed follow-on payloads include DEV#POPPER and OmniStealer, which provide capabilities such as command execution, socket.io-client-based C2 communication, credential theft, browser-data theft, and wallet exfiltration. However, the loader-based design should be treated as capable of delivering additional malware as the campaign evolves.

The Socket Threat Research Team has identified two primary payload-hiding methods associated with PolinRider. Earlier activity commonly hid obfuscated JavaScript inside configuration files, including *config.js files. More recent variants hide the loader inside fake .woff2 font files and trigger execution through VS Code task files.

The .vscode/tasks.json file defines a hidden task that runs on folder open and executes a fake .woff2 font file with Node.js. This turns a file that appears to be a static font asset into an execution path for the obfuscated JavaScript loader.

Both methods appear across compromised repositories linked to the previously discussed Xpos587 GitHub account. The Xpos587/markfetch repository used the fake-font variant, while the Artiffusion-Inc/mirofish repository contained a payload hidden in vite.config.js, inserted by the same Xpos587 user. The reason the threat actors choose one hiding method over another in specific repositories remains unclear.

Defensive Guidance#

Teams that installed any affected package or extension version should treat the installing environment as potentially compromised until reviewed. Because PolinRider targets developer environments and may expose package registry, source code, cloud, and CI/CD credentials, remediation should be performed from a clean machine, not from the potentially infected host.

Recommended response:

  1. Preserve forensic artifacts before cleanup where possible.
  2. Identify every developer machine that installed affected package versions.
  3. Remove affected versions and rebuild from a known-good lockfile.
  4. Rotate npm, GitHub, PyPI, RubyGems, cloud, Vault, Kubernetes, Docker, SSH, Slack, Twilio, and CI/CD secrets exposed to affected environments from a clean machine, not from the potentially infected host.
  5. Audit developer machines for VS Code tasks having "runOn": "folderOpen" run option configured. Search for commands that execute files with untypical extensions - like commands executing _.woff2 files with node.
  6. Audit GitHub repositories for suspicious commits modifying .vscode/tasks.json, config.js, vite.config.js, eslint.config.js, or files under font/static asset directories.
  7. Review GitHub Activity logs, not only visible commit history, because PolinRider activity has included force pushes and rewritten history that can make malicious changes appear older or less suspicious.
  8. Review package registry publication history for unexpected releases following repository modification, especially where maintainers had access to multiple ecosystems.

Indicators of Compromise#

Latest Wave: Accounts, Namespaces, and Repositories

  • Xpos587 — GitHub account
  • Xpos587/git2md
  • Xpos587/markfetch
  • Artiffusion-Inc/mirofish
  • sevenspan — Packagist namespace
  • 7span — GitHub organization
  • 7span/react-list

PolinRider Affected Packages

Loading affected packages…