Bogus npm Packages Used to Trick Software Developers into Installing Malware
Bogus npm Packages Used to Trick Software Developers into Installing Malware
27 April 2024
An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor.
Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.
"During these fraudulent interviews, the developers are often asked