Bogus npm Packages Used to Trick Software Developers into Installing Malware
April 27, 2024 at 02:00AM A social engineering campaign named DEV#POPPER is targeting software developers with fraudulent job interviews, leading them to download and execute malicious npm packages, including a Python backdoor. The campaign is linked to North Korean threat actors. They disguise themselves as employers to distribute malware, indicating ongoing efforts to enhance their … Read more