Tenacious Pungsan: A DPRK threat actor linked to Contagious Interview

Datadog Security Research discovered three malicious npm packages (passports-js, bcrypts-js, and blockscan-api) containing BeaverTail malware associated with North Korean threat actors. The packages, downloaded 323 times, targeted job-seekers in the US tech industry through a campaign named Contagious Interview. The malware, obfuscated using common techniques, steals cryptocurrency wallet and credit card information from browser caches and login keychains on Unix and Windows systems. The attackers used namesquatting to mimic legitimate packages, exploiting the open source software supply chain. Two different campaign IDs were identified, suggesting potentially new efforts to target Node.js developers. The activity was linked to the Contagious Interview campaign through shared infrastructure and tactics.

Author: AlienVault

Related Tags:
AlienVault

Associated Indicators: