North Korea-linked npm malware impersonates Rollup polyfills to harvest developer secrets and enable remote access
thenextweb.com

North Korea-linked npm malware impersonates Rollup polyfills to harvest developer secrets and enable remote access

Tech News
3 min read

Published by AINave Editorial • Reviewed by Ramit

TL;DRJFrog discovered six malicious npm packages linked to Lazarus that impersonate Rollup polyfill tools to steal cloud credentials and enable remote access.

Security researchers at JFrog have uncovered a North Korea-linked npm malware campaign that impersonates Rollup polyfill tooling to steal developer credentials and enable remote access. The six packages, named rollup-packages-polyfill-core and rollup-runtime-polyfill-core, mimic the legitimate rollup-plugin-polyfill-node project down to its description and metadata. The malware harvests credentials for AWS, Azure, Google Gemini, Anthropic Claude, and SSH keys while enabling remote terminal control.

What happened

The attack uses a layered delivery chain designed to evade detection. First-stage packages install hidden second-stage dependencies disguised as SVG utilities. Those dependencies fetch a JSON object from a remote hosting service and execute the payload embedded in it. The structure, combined with lookalike names, legitimate metadata, and environment checks that avoid sandboxes and cloud development platforms, is consistent with previous Lazarus-linked npm campaigns.

Once the later stages execute, the malware collects data from web browsers and cryptocurrency wallets, captures clipboard content periodically, and harvests files matching specific extensions. It also targets developer tool configurations for VS Code, Windsurf, and Cursor, along with credentials for AWS, Microsoft Azure, Google Gemini, Anthropic Claude, and SSH keys.

All six packages have been removed from the npm registry since discovery. The campaign is not isolated: earlier in the year, Panther researchers documented a sustained Lazarus npm operation that published 108 malicious packages across 261 versions to deliver BeaverTail and OtterCookie, two known malware families linked to the Contagious Interview campaign. The latest packages share features with OtterCookie, including a forked keyboard and mouse control library that enables interactive remote terminal sessions, screenshot capture, and simulated user input on compromised Windows machines.

Why AI builders should care

Rollup plugins are commonly loaded from developer workstations and CI build pipelines. These environments often hold access to sensitive assets including source code, API keys, and project secrets. A single compromised package can give an attacker credentials to cloud infrastructure, AI model APIs (Gemini, Claude), and SSH keys used for deployment.

North Korea-linked actors have repeatedly targeted open-source ecosystems including npm and PyPI. Similar campaigns have used fake Teams updates to compromise the Axios npm maintainer account and have been linked to broad supply-chain attacks. For teams building AI products, the blast radius includes not just stolen secrets but potential tampering with models, pipelines, or deployment artifacts.

Practical implications

Developers should treat npm packages with heightened scrutiny, especially those that mimic legitimate tooling or have unusual dependency chains. Look for second-stage dependencies disguised as utilities and verify publisher identity through registry metadata.

Organizations should implement Software Bill of Materials (SBOM) tracking, package signing where available, and stricter lockfile hygiene. Monitoring for unusual tool configurations, credential exfiltration indicators, and clipboard captures can help early detection.

Caveats

Exact technical details and indicators of compromise may evolve as investigations continue. Public reporting summarizes attacker capabilities at the time of analysis; nuances of second-stage payloads and specific file targets could vary across versions. Entity attribution to Lazarus is based on security analyses and may be refined as evidence accumulates.

FAQs

What are the North Korea-linked npm packages impersonating Rollup polyfills?

They are six malicious npm packages named rollup-packages-polyfill-core and rollup-runtime-polyfill-core that impersonate the legitimate rollup-plugin-polyfill-node project. They were linked to Lazarus and removed from npm after discovery.

How do these malicious npm packages steal credentials and enable remote access?

They use a layered delivery chain: first-stage packages install hidden second-stage dependencies disguised as SVG utilities, which fetch a remote payload and execute it. The malware then collects cloud credentials (AWS, Azure, Gemini, Claude), SSH keys, browser and wallet data, and enables remote terminal control via a forked keyboard and mouse library.

Which assets and credentials are targeted by the campaign (e.g., cloud credentials, SSH keys)?

The campaign targets AWS, Microsoft Azure, Google Gemini, and Anthropic Claude credentials, SSH keys, browser data, cryptocurrency wallet data, and developer tool configurations for VS Code, Windsurf, and Cursor.

How can developers protect their projects and CI pipelines from supply-chain attacks on npm?

Developers should scrutinize packages that imitate legitimate tooling, verify publisher identity, use lockfiles consistently, enable SBOMs, and monitor for anomalous dependency patterns or attempts to access cloud credentials and SSH keys.

Sources

Latest Tech News