Tech & Startups
North Korea-linked npm packages impersonate Rollup polyfill tools to steal developer secrets
Security researchers at JFrog have identified a set of malicious npm packages linked to North Korean threat actors that impersonate legitimate Rollup polyfill tooling to steal developer credentials and enable remote access to compromised machines. The packages, named “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core,” mimic the legitimate “rollup-plugin-polyfill-node” project down to its description, repository metadata, and package structure. […] This story continues at The Next Web
This story was reported by The Next Web. EUROPES curates Europe's most relevant coverage — read the full report at the original source.
Read full coverage at The Next Web →