North Korea-Linked Malicious npm Packages Mimic Rollup Polyfill Tools
Threat actors with ties to North Korea have been linked to a new set of malicious npm packages designed to mimic legitimate Rollup polyfill tools. According to a report by JFrog, the packages 'rollup-packages-polyfill-core' and 'rollup-runtime-polyfill-core' were crafted to resemble the legitimate 'rollup-plugin-polyfill-node' project, including similar descriptions, repository metadata, and package structure. These malicious packages were part of a broader campaign to facilitate remote access and data theft.
Key Details of the Campaign
The campaign involved four additional packages, all of which have since been removed from the npm registry:
quirky-tokenreact-icon-svgsrollup-plugin-polyfill-connectswift-parse-stream
The malicious packages were designed to install and load secondary packages as part of a multi-stage attack. For instance, 'rollup-packages-polyfill-core' installed 'swift-parse-stream,' while 'rollup-runtime-polyfill-core' installed 'quirky-token.' These secondary packages, disguised as SVG utilities, fetched and executed malicious JavaScript payloads from external sources.
The attack began with a Base64-encoded npm install command hidden within the primary packages. The second-stage packages, while appearing legitimate, reached out to a JSON Keeper URL to retrieve and execute JavaScript malware. This malware performed environment checks to avoid detection in sandboxes or cloud development environments before executing its payload.
Malware Capabilities
Once executed, the malware enabled remote access to compromised systems, allowing the attackers to:
- Capture screenshots
- Execute commands
- Control mouse and keyboard actions
- Terminate processes
- Steal data from web browsers and cryptocurrency wallets
- Collect specific file types, including developer and AI tool configurations
The malware's capabilities overlap with those of previously known North Korean malware families, such as OtterCookie and BeaverTail. The use of remote control functionalities, such as those provided by the '@nut-tree-fork/nut-js' package, has been observed in other malicious npm packages, including 'express-session-js,' which was reported in April 2026.
Previous Attacks and Broader Trends
This is not the first time North Korean threat actors have targeted npm packages. In April 2026, Panther detailed a sustained campaign involving 108 malicious npm packages linked to the Contagious Interview group. The latest campaign shares similar tactics, including the use of lookalike package names, legitimate-seeming metadata, and hidden malicious payloads.
The disclosure coincides with the discovery of multiple software supply chain attacks targeting open-source package repositories. These attacks include:
- Trojanized 'pyrogram' forks that grant remote control over infected systems.
- npm packages mimicking Polymarket tooling to steal crypto wallet data.
- Python packages like 'security-alerts-sdk' that act as backdoors to exfiltrate sensitive data.
Recommendations for Users
Users who have installed any of the malicious packages are advised to:
- Remove the packages from their systems.
- Rotate credentials and assume compromise.
- Block malicious egress channels.
- Enable dependency scanning in CI/CD pipelines to detect suspicious packages.
The ongoing threat of supply chain attacks highlights the need for vigilance in securing open-source ecosystems and protecting sensitive data.