top of page

New Wave of DPRK Attacks Leveraging AI-Generated npm Malware, Shell Companies, and Remote Access Trojans

  • Apr 30
  • 3 min read

Key Findings


  • North Korean threat actor Famous Chollima deployed malicious npm packages designed to steal cryptocurrency wallet credentials and source code from developers

  • Campaign codenamed PromptMink features AI-generated malware split across multiple package layers to evade detection

  • Malware evolved from simple JavaScript stealers to sophisticated multi-platform RATs compiled in Rust, capable of establishing SSH backdoors

  • Attack chain leverages legitimate-looking packages as first-layer bait with hidden malicious dependencies that exfiltrate data to attacker-controlled infrastructure

  • Campaign spans from September 2025 through at least May 2026, with variants targeting both npm and Python Package Index


Background


Famous Chollima, a North Korean threat actor also known as Shifty Corsair, has been running sophisticated supply chain attacks for years through operations like the Contagious Interview campaign and fraudulent IT worker scams. The group's latest effort, PromptMink, represents a significant evolution in their tactics by weaponizing AI-generated code and cryptocurrency-focused development tools to target developers in the blockchain space.


The Attack Chain and Layered Approach


The campaign employs a clever two-layer structure to frustrate defenders. First-layer packages like "@solana-launchpad/sdk" and "@pumpfun-ipfs/sdk" appear legitimate and perform actual cryptocurrency-related functionality. Hidden within their dependency lists are second-layer malicious packages that contain the actual stealing functionality. When security teams remove compromised packages, threat actors quickly replace them, making the campaign difficult to fully eradicate.


The first-layer packages list numerous legitimate dependencies with millions or billions of downloads, such as axios and bn.js, to blend in with normal development patterns. Only a small number of dependencies are actually malicious, a strategy that helped the packages evade initial detection for months.


Technical Evolution and Obfuscation


Early versions of the malware were straightforward JavaScript-based stealers that scanned compromised systems for .env and .json files containing sensitive credentials. These were exfiltrated to a Vercel URL controlled by the attackers. However, when ReversingLabs and JFrog began tracking the campaign, the threat actors adapted.


Later versions were wrapped in Node.js single executable applications, which ballooned the payload size from 5.1KB to around 85MB and potentially raised red flags during analysis. Recognizing this problem, the group shifted to using NAPI-RS to create pre-compiled Node.js add-ons written in Rust, reducing detection surface while maintaining full functionality across Windows, Linux, and macOS platforms.


Target Selection and Distribution


The malware primarily targets developers working with Solana blockchain projects and cryptocurrency trading platforms. Packages were named to mimic legitimate SDKs and tools developers would naturally want to use. The campaign has been observed targeting autonomous AI trading agents, which aligns with Famous Chollima's interest in accessing cryptocurrency holdings and blockchain-based infrastructure.


By February 2026, the threat actors expanded their reach by pushing a variant called "scraper-npm" to the Python Package Index, demonstrating their willingness to diversify attack vectors beyond the npm ecosystem.


Capabilities and Impact


Beyond credential theft, recent iterations of PromptMink have demonstrated SSH backdoor installation and the ability to exfiltrate entire project repositories containing source code and intellectual property. This represents a significant escalation from simple information stealing to persistent access and wholesale data theft.


The malware's targeting of .env files is particularly dangerous in development environments, as these files commonly contain API keys, database credentials, and cryptocurrency wallet information. For developers working on blockchain projects, compromise could directly result in loss of funds and exposure of sensitive project details before launch.


Evasion and Detection Challenges


The threat actors employed multiple techniques to stay ahead of defenders. These include creating malicious versions of functions already present in legitimate packages, typosquatting on legitimate library names, and using transitive dependencies to execute code on developer systems without raising immediate suspicion.


The phased approach of splitting functionality across multiple packages meant that even if one layer was detected, others would continue operating. The rapid replacement cycle of removed packages suggests the attackers maintain automated tooling to regenerate and republish compromised packages as quickly as they're taken down.


Sources


  • https://thehackernews.com/2026/04/new-wave-of-dprk-attacks-uses-ai.html

  • https://www.socdefenders.ai/item/3203ff36-3bd1-41ff-90a7-fe2b11730887

  • https://www.youtube.com/shorts/p58kbVhn_k4

  • https://x.com/TheCyberSecHub/status/2049500269764026630

  • https://www.linkedin.com/posts/cybercureme_new-wave-of-dprk-attacks-uses-ai-inserted-activity-7455276881395728384-B-e0

Recent Posts

See All

Comments


  • Youtube

© 2025 by Explain IT Again. Powered and secured by Wix

bottom of page