Back to Feed
Supply ChainJul 1, 2026

PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems

North Korean threat actors expand PolinRider supply chain campaign across npm, Packagist, Go, and Chrome extensions.

Summary

The PolinRider supply chain campaign, linked to North Korean threat actors, has expanded its reach across multiple open source ecosystems including npm, Packagist, Go modules, and Chrome extensions. Threat actors are compromising maintainer accounts, rewriting Git history, and hiding malicious JavaScript loaders within legitimate repositories, often disguised as font files or within configuration files. The campaign has been observed delivering payloads like DEV#POPPER and OmniStealer, with the potential to distribute additional malware.

Full text

Security NewsRisky Biz Podcast: AI Agents Are Raising the Stakes for Software Supply Chain SecurityOpen source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.By Sarah Gooding - Jun 30, 2026

Indicators of Compromise

  • url — https://socket.dev/supply-chain-attacks/polinrider

Entities

Contagious Interview / Famous Chollima (threat_actor)PolinRider (campaign)DEV#POPPER (product)OmniStealer (product)npm (technology)Packagist (technology)