New wave of DPRK attacks: AI‑injected npm packages, fakes and RATs threaten Web3

Colleagues, take note: cybersecurity teams have uncovered a campaign using AI‑injected npm packages and fake companies.
- ReversingLabs links the PromptMink campaign to Famous Chollima: the @validate-sdk/v2 package steals secrets and crypto wallet access; the report cites a commit involving the Claude Opus LLM.
- The attack leverages multi‑level dependencies, typosquatting and library substitution; RATs, SSH backdoors and Rust components are used to hide traces.
- Operators set up fake firms and tasks on GitHub/LinkedIn to trick developers into installing malicious dependencies.
Why it matters: a direct threat to the software supply chain and Web3 developer funds.
How are you protecting dependencies in your projects?
#cybersecurity #supplychain #npm #Web3
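
A defender-side check for the multi-level dependency vector described above, as an added example (not from the post or the ReversingLabs report): it walks the `packages` map of an npm lockfile (lockfileVersion 2 or 3) and reports a flagged package at any depth, together with the packages that declare it. The sample lockfile, versions and every name other than `@validate-sdk/v2` are constructed.

```javascript
// Added example. Only "@validate-sdk/v2" comes from the post; the sample
// lockfile and all other package names are constructed for illustration.
const FLAGGED = new Set(["@validate-sdk/v2"]);

// Constructed package-lock.json (lockfileVersion 3) with the flagged package
// pulled in one level below the project's direct dependencies.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", dependencies: { "example-wallet-utils": "^1.2.0" } },
    "node_modules/example-wallet-utils": {
      version: "1.2.3",
      dependencies: { "@validate-sdk/v2": "^2.0.0" },
    },
    "node_modules/@validate-sdk/v2": { version: "2.0.1" },
    "node_modules/left-example": { version: "0.1.0" },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"; the root entry "" -> null.
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Return every installed copy of a flagged package and who declares it.
function findFlagged(lock, flagged = FLAGGED) {
  const entries = Object.entries(lock.packages || {});
  const hits = [];
  for (const [path, meta] of entries) {
    const name = nameFromKey(path);
    if (!name || !flagged.has(name)) continue;
    const requiredBy = [];
    for (const [parentPath, parent] of entries) {
      const declared = {
        ...parent.dependencies, ...parent.devDependencies,
        ...parent.optionalDependencies, ...parent.peerDependencies,
      };
      if (name in declared) {
        requiredBy.push(parentPath === "" ? "(root project)" : nameFromKey(parentPath) || parentPath);
      }
    }
    const direct = requiredBy.includes("(root project)");
    hits.push({ name, version: meta.version, path, direct, requiredBy });
  }
  return hits;
}

console.log(JSON.stringify(findFlagged(SAMPLE_LOCK), null, 2));
```

A hit with `direct: false` is a dependency that never appears in the project's own `package.json`, which is why the lockfile, not the manifest, is the file to audit.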

