Contagious Interview Campaign: 338 Malicious npm Packages Target Crypto Developers

Cyber Security News by CyberSum.net
2 sources
State-sponsored threat actors have escalated the Contagious Interview campaign, publishing 338 malicious npm packages that target cryptocurrency and blockchain developers. The operation relies on social engineering, using fake personas and job offers to get developers to pull in packages that deliver the BeaverTail and InvisibleFerret backdoors. Researchers describe it as a factory-style operation whose goal is to compromise developer endpoints and steal cryptocurrency assets. Mapped onto the Lockheed Martin Cyber Kill Chain, the campaign begins with reconnaissance of targets on LinkedIn and ends with the installation of malicious dependencies on the victim's machine. The actors have also evolved their tooling, moving beyond simple malware droppers to three distinct loader families. The campaign's persistence and scale underline how hard it is to police the npm ecosystem and the broader software supply chain.