North Korea-Linked npm Packages Exploit Rollup Polyfills to Exfiltrate Developer Secrets

Date:

North Korea-Linked npm Packages Exploit Rollup Polyfills to Exfiltrate Developer Secrets

Recent cybersecurity incidents have unveiled a series of malicious npm packages associated with North Korean threat actors. These packages, masquerading as Rollup polyfill tools, are engineered to enable remote access and facilitate data theft, posing significant risks for developers and organizations that depend on open-source software.

Malicious Packages Identified

Security researchers from JFrog have pinpointed two main malicious packages: rollup-packages-polyfill-core and rollup-runtime-polyfill-core. These packages closely imitate the legitimate rollup-plugin-polyfill-node project, replicating its description, repository metadata, and overall structure. This level of mimicry can easily mislead developers during a brief review of their dependencies.

In addition to these primary threats, four other malicious packages have been removed from the npm registry:

  • quirky-token
  • react-icon-svgs
  • rollup-plugin-polyfill-connect
  • swift-parse-stream

Notably, rollup-packages-polyfill-core installs and loads swift-parse-stream, while rollup-runtime-polyfill-core installs quirky-token. Furthermore, react-icon-svgs has been found to install rollup-plugin-polyfill-connect as a secondary stage.

Layered Attack Structure

The second-stage packages are designed to resemble SVG utilities that fetch JSON objects from JSONKeeper and evaluate the model field. This layered approach, combined with similar names and seemingly legitimate metadata, employs hidden install-time execution and environment checks. These tactics are consistent with previous npm campaigns linked to North Korean actors, particularly those associated with the Lazarus Group.

This is not the first instance of North Korean threat actors using npm packages to impersonate Rollup polyfill tools. In April 2026, a campaign was documented that involved the publication of 108 malicious npm packages, delivering malware families known as BeaverTail and OtterCookie. Among these was rollup-plugin-polyfill-route, published on March 20, 2026.

Technical Mechanisms of the Attack

The attack initiates with a Base64-encoded npm install command for either swift-parse-stream or quirky-token, concealed within the malicious packages. These second-stage packages masquerade as SVG sanitization utilities while reaching out to a JSON Keeper URL to execute JavaScript malware.

The JavaScript code includes checks to prevent execution in cloud development environments, sandboxes, serverless runtimes, and analysis infrastructures. Once these checks are bypassed, the malware installs necessary dependencies and connects to an external server (216.126.236[.]244) to retrieve an encrypted JavaScript payload.

The decrypted payload acts as a loader for additional scripts that enable remote access to the compromised host. This includes functionalities for interactive terminal sessions, command execution, screenshot capture, and data theft from web browsers and cryptocurrency wallets. The malware can also collect files with specific extensions and periodically capture clipboard content.

Broader Implications for Developers

The features of this malware overlap with those of the OtterCookie malware, particularly in its use of the @nut-tree-fork/nut-js package for remote mouse and keyboard control. This functionality has also been observed in other malicious packages, such as express-session-js.

JFrog emphasizes that Rollup plugins are often loaded from local configuration files, developer workstations, and CI jobs, which frequently have access to sensitive assets, including source code, npm tokens, Git credentials, cloud keys, SSH keys, browser data, and project secrets. The payload is not merely a downloader; it provides attackers with both collection and control capabilities, making it particularly relevant to developer workstations and build machines.

Recent Trends in Software Supply Chain Attacks

The emergence of these malicious npm packages aligns with a broader trend of software supply chain attacks. Recent reports from Checkmarx, SafeDep, and AWS security researcher Chi Tran have highlighted multiple incidents aimed at poisoning open-source package repositories and stealing valuable data.

For instance, a cluster of at least eight trojanized “pyrogram” forks was published by a threat actor operating under various identities between November 2025 and June 2026. This included a hidden backdoor that grants full remote control over any server running the infected PyPI package. This activity has been designated as Operation Navy Ghost by Checkmarx.

Another cluster of 30 npm packages mimicking Polymarket tooling targeted DeFi developers, delivering a JavaScript infostealer that reads crypto wallet vaults, browser credentials, and other sensitive data. Additionally, a Python package claiming to be a data breach-monitoring tool was found to harbor code that launches a backdoor to exfiltrate SSH private keys and other credentials.

Recommendations for Users

Users who have installed any of the identified malicious packages are strongly advised to remove them from their workstations, assume compromise, rotate credentials, and block malicious egress channels. Enabling dependency scanning in CI/CD pipelines can help flag newly published or suspicious packages.

For further details on this incident and other cybersecurity developments, refer to the original reporting source: cyberwarriorsmiddleeast.com.

For ongoing coverage and breaking updates, visit our Latest News section.

Published on 2026-07-03 20:57:00 • By the Editorial Desk

Share post:

Subscribe

Popular

More like this
Related