ShellCodeX Intelligence Brief
HIGH Open Source

North Korea-linked npm packages imitate Rollup polyfills to exfiltrate data

Source headline: North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat level: High
Signal strength: 75/100
Source confidence: 1 source
Published: 2 hours ago

Intelligence Summary

JFrog identified malicious npm packages tied to North Korea that impersonate Rollup polyfill tooling. The packages “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core” are designed to closely match a legitimate Rollup polyfill plugin’s metadata. If installed, they can provide remote access capabilities and steal developer secrets. The threat specifically targets the JavaScript build ecosystem where npm dependencies are routinely added. Developers and maintainers should audit dependency provenance, review package contents, and avoid installing lookalike modules.

Recommended Action

Review affected assets, schedule urgent remediation, and monitor related indicators.
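
One way to check a project for the two package names in this brief, as an added example that is not code from JFrog, The Hacker News or ShellCodeX: a Node.js function that walks a parsed `package-lock.json` (v1 nested trees and the v2/v3 `packages` map) and reports direct, transitive and aliased installs. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: the two names below are the packages named in this brief.
const FLAGGED = new Set([
  "rollup-packages-polyfill-core",
  "rollup-runtime-polyfill-core",
]);

// v2/v3 keys look like "node_modules/a/node_modules/b"; the installed name
// is whatever follows the last "node_modules/".
function nameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? p : p.slice(i + "node_modules/".length);
}

// Lockfile v1: nested "dependencies"; an alias appears as version "npm:<real>@<ver>".
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const alias = /^npm:(.+)@[^@]+$/.exec(info.version || "");
    const real = alias ? alias[1] : name;
    const where = [...trail, name].join(" > ");
    if (FLAGGED.has(real)) hits.push({ name: real, version: info.version, where });
    walkV1(info.dependencies, [...trail, name], hits);
  }
}

// Returns one record per flagged install found in a parsed package-lock.json.
function findFlagged(lock) {
  const hits = [];
  if (!lock.packages) {
    walkV1(lock.dependencies, [], hits);
    return hits;
  }
  for (const [path, info] of Object.entries(lock.packages)) {
    if (path === "") continue; // root project entry, not an installed package
    const real = info.name || nameFromPath(path); // "name" is set when aliased
    if (FLAGGED.has(real)) hits.push({ name: real, version: info.version, where: path });
  }
  return hits;
}

// Constructed sample (lockfile v3): one direct install and one aliased install.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/rollup": { version: "0.0.0-constructed" },
    "node_modules/rollup-runtime-polyfill-core": { version: "0.0.0-constructed" },
    "node_modules/polyfills": { name: "rollup-packages-polyfill-core", version: "0.0.0-constructed" },
  },
};
console.log(findFlagged(SAMPLE_LOCK));
```

A match means the package was resolved into the dependency tree, so the hosts and CI runners that ran `npm install` against that lockfile are the assets to review.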

Topics

#supply-chain #npm #developer-secrets #exfiltration #lookalike-packages #rollup
Original reporting: The Hacker News, "North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets"