North Korea-linked npm packages imitate Rollup polyfills to exfiltrate data
Source headline: North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets
Intelligence Summary
JFrog identified two malicious npm packages, “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core”, attributed to North Korea-linked actors. Both are built to pass for a legitimate Rollup polyfill plugin: their names and package metadata closely match the genuine module, so a developer who adds the dependency by name can pull in the malicious package without noticing. Once installed, the packages can give the attacker remote access to the host and exfiltrate developer secrets held on that machine. The campaign targets the JavaScript build ecosystem specifically because npm dependencies are added routinely and often with little review. Developers and maintainers should verify the provenance of each dependency (publisher, linked repository, release history), inspect package contents before installing, pin dependencies through a lockfile, and refuse lookalike modules. Note that npm audit only reports packages with a published advisory, so a lookalike name is not caught by that check alone.
Recommended Action
Search every package.json and lockfile (package-lock.json, yarn.lock, pnpm-lock.yaml) in your repositories and CI caches for “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core”, including transitive dependencies. Remove any match, then treat the host that installed it as potentially compromised: because the packages provide remote access, rotate the credentials, tokens and signing keys that host could reach and review it for persistence. Schedule the cleanup as urgent, and monitor future installs for these package names and related indicators.
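The check described in the summary and in the recommended action above, as an added Node.js example that is not code from the JFrog report or from this page: it walks the packages map of a package-lock.json (lockfile version 2 or 3 is assumed), flags the two package names given above, flags names that share most of their tokens with a vetted package without being on the vetted list, and flags entries resolved from somewhere other than the public npm registry. The vetted list, the sample lockfile and the misspelled package name in it are constructed for this example and are not from the report; replace the vetted list with the packages your own project has reviewed.

```javascript
// Added example, not from the JFrog report: audit a package-lock.json for the two
// malicious names above, for lookalike names, and for non-registry provenance.

const KNOWN_MALICIOUS = new Set([
  "rollup-packages-polyfill-core",
  "rollup-runtime-polyfill-core",
]);

// Assumption: an illustrative vetted list, not a list from the report.
// Replace with the packages your project has actually reviewed.
const VETTED = new Set([
  "rollup",
  "rollup-plugin-polyfill-node",
  "rollup-plugin-node-polyfills",
  "@rollup/plugin-node-resolve",
]);

const TRUSTED_REGISTRY = "https://registry.npmjs.org/";

// "@scope/pkg-name" -> Set { "scope", "pkg", "name" }
function tokens(name) {
  return new Set(name.replace(/^@/, "").split(/[\/-]/).filter(Boolean));
}

function sharedTokens(a, b) {
  let n = 0;
  for (const t of a) if (b.has(t)) n++;
  return n;
}

// Lockfile v2/v3 keys are install paths; the package name is what follows the
// last "node_modules/" segment, e.g. "node_modules/a/node_modules/@s/b" -> "@s/b".
function nameFromLockKey(key) {
  const i = key.lastIndexOf("node_modules/");
  return i === -1 ? key : key.slice(i + "node_modules/".length);
}

// Returns the vetted name a package resembles, or null. A name is a lookalike when
// it is not vetted itself but shares at least two tokens with a vetted name and
// those tokens make up at least half of the shorter name.
function lookalikeOf(name) {
  if (VETTED.has(name)) return null;
  const t = tokens(name);
  for (const v of VETTED) {
    const vt = tokens(v);
    const shared = sharedTokens(t, vt);
    if (shared >= 2 && shared / Math.min(t.size, vt.size) >= 0.5) return v;
  }
  return null;
}

function scanLockfile(lock) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // root project entry
    const name = nameFromLockKey(key);
    if (KNOWN_MALICIOUS.has(name)) {
      findings.push({ name, key, severity: "critical", reason: "known malicious package" });
      continue;
    }
    const near = lookalikeOf(name);
    if (near) findings.push({ name, key, severity: "review", reason: `name resembles vetted package ${near}` });
    const resolved = (entry && entry.resolved) || "";
    if (resolved && !resolved.startsWith(TRUSTED_REGISTRY)) {
      findings.push({ name, key, severity: "review", reason: `resolved outside trusted registry: ${resolved}` });
    }
  }
  return findings;
}

// Constructed sample lockfile for the stand-alone run; versions and URLs are placeholders,
// and "rollup-plugin-polyfil-node" is a made-up typosquat, not a real package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.0" },
    "node_modules/rollup": { version: "0.0.0", resolved: "https://registry.npmjs.org/rollup/-/rollup-0.0.0.tgz" },
    "node_modules/rollup-plugin-polyfill-node": { version: "0.0.0", resolved: "https://registry.npmjs.org/rollup-plugin-polyfill-node/-/rollup-plugin-polyfill-node-0.0.0.tgz" },
    "node_modules/rollup-packages-polyfill-core": { version: "0.0.0", resolved: "https://registry.npmjs.org/rollup-packages-polyfill-core/-/rollup-packages-polyfill-core-0.0.0.tgz" },
    "node_modules/some-dep/node_modules/rollup-runtime-polyfill-core": { version: "0.0.0", resolved: "https://registry.npmjs.org/rollup-runtime-polyfill-core/-/rollup-runtime-polyfill-core-0.0.0.tgz" },
    "node_modules/rollup-plugin-polyfil-node": { version: "0.0.0", resolved: "https://registry.npmjs.org/rollup-plugin-polyfil-node/-/rollup-plugin-polyfil-node-0.0.0.tgz" },
    "node_modules/left-pad": { version: "0.0.0", resolved: "git+ssh://git@example.invalid/left-pad.git#0000000" },
  },
};

function loadLockfile(path) {
  const fs = require("node:fs");
  return JSON.parse(fs.readFileSync(path, "utf8"));
}

// Usage: node audit-lock.js [path/to/package-lock.json]; without a path the sample is scanned.
const lock = process.argv[2] ? loadLockfile(process.argv[2]) : SAMPLE_LOCK;
for (const f of scanLockfile(lock)) console.log(`[${f.severity}] ${f.name} (${f.key}): ${f.reason}`);
```

The lookalike heuristic is deliberately loose: anything it flags is a candidate for review, not a verdict, and every Rollup-related package you actually depend on belongs on the vetted list so it is not reported. The provenance check catches git and tarball URLs that bypass the registry; it does not verify integrity hashes, which npm itself checks on install.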