North Korean XORIndex malware hidden in 67 malicious NPM packages

28 Bogdanp 4 7/16/2025, 8:23:08 AM bleepingcomputer.com ↗

Comments (4)

bn-l · 10h ago
It’s weird how an npm package can just do all this still, to this day.
Bridged7756 · 3h ago
Given the size of the JavaScript ecosystem, it is indeed baffling how behind npm is. One npm i and a typo away from getting hacked.
cyanydeez · 7h ago
North korea and others are likely going if not already, setup an uno reverso and get applicants to do screening tests that require downloading malicious packages.
owebmaster · 8h ago
I "got" hacked by a North Korean hacker. I was lucky the dumb virus was meant for Mac and Windows, not Linux. It got installed to my computer but attempted to steal credentials in places there did not exist in my computer, but it was a close call.

After that I never used npm again.