PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems
North Korean threat actors expand PolinRider supply chain campaign across npm, Packagist, Go, and Chrome extensions.
Summary
The PolinRider supply chain campaign, linked to North Korean threat actors, has expanded its reach across multiple open source ecosystems including npm, Packagist, Go modules, and Chrome extensions. Threat actors are compromising maintainer accounts, rewriting Git history, and hiding malicious JavaScript loaders within legitimate repositories, often disguised as font files or within configuration files. The campaign has been observed delivering payloads like DEV#POPPER and OmniStealer, with the potential to distribute additional malware.
Full text
Security NewsRisky Biz Podcast: AI Agents Are Raising the Stakes for Software Supply Chain SecurityOpen source attacks are accelerating as AI coding agents pull in dependencies faster, with less human review.By Sarah Gooding - Jun 30, 2026
Indicators of Compromise
- url — https://socket.dev/supply-chain-attacks/polinrider