top of page
ALL POSTS
New Wave of DPRK Attacks Leveraging AI-Generated npm Malware, Shell Companies, and Remote Access Trojans
Key Findings North Korean threat actor Famous Chollima deployed malicious npm packages designed to steal cryptocurrency wallet credentials and source code from developers Campaign codenamed PromptMink features AI-generated malware split across multiple package layers to evade detection Malware evolved from simple JavaScript stealers to sophisticated multi-platform RATs compiled in Rust, capable of establishing SSH backdoors Attack chain leverages legitimate-looking packages a
Apr 303 min read
# Critical Supply Chain Attack: Axios npm Account Compromised to Distribute Cross-Platform RAT Malware
Key Findings Attackers compromised the npm account of Axios maintainer Jason Saayman and published malicious versions 1.14.1 and 0.30.4 containing a hidden RAT malware dependency The malicious versions injected "plain-crypto-js@4.2.1" as a fake dependency that deploys cross-platform remote access trojans targeting Windows, macOS, and Linux Both poisoned versions were published within 39 minutes on March 31, 2026, bypassing GitHub Actions CI/CD verification through compromised
Mar 313 min read
bottom of page
