Close Menu
Pineapples Update –Pineapples Update –

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    DOE’s advanced nuclear reactor site 90-day challenge

    August 5, 2025

    This favorite advertising inhibitor finally comes into safari – make sure you download correctly

    August 5, 2025

    Amazon lets you buy cars now used in a few clicks – how is it here

    August 5, 2025
    Facebook X (Twitter) Instagram
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Pineapples Update –Pineapples Update –
    • Home
    • Gaming
    • Gadgets
    • Startups
    • Security
    • How-To
    • AI/ML
    • Apps
    • Web3
    Pineapples Update –Pineapples Update –
    Home»Security»North Korean Xorindex Malware is hidden in 67 malicious NPM packages
    Security

    North Korean Xorindex Malware is hidden in 67 malicious NPM packages

    PineapplesUpdateBy PineapplesUpdateJuly 15, 2025No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    North Korean Xorindex Malware is hidden in 67 malicious NPM packages
    Share
    Facebook Twitter LinkedIn Pinterest Email

    North Korean Xorindex Malware is hidden in 67 malicious NPM packages

    The North Korean threat actors put 67 malicious packages in the Node Package Manager (NPM) online repository, which to give the developer system a new dirtware loader called Xorindex.

    The packages collectively count over 17,000 downloads and the package was discovered by researchers in the Security Platform socket, which assess them to be part of constant infectious interview operations.

    Researchers at the socket say that the campaign follows the danger activity revealed from April. Last month, the same actor infiltrated the NPM with 35 packages, which demolished information and dropped the backdoor on developers’ equipment.

    Latest attack waves timelines
    Latest attack waves timelines
    Source: socket

    Overview of attacks

    Contegius interview is a North Korean state-supported campaign that targets most developers with fake jobs that trick them to run malicious codes on their systems.

    This purpose varies from collecting sensitive information that allows companies to steal cryptocurrency assets.

    Node Package Manager (NPM) is a default package manager for Node.JS, a platform where developers publish and install JavaScript library and tools. It is widely used in web development, but is often exploited by danger actors for malware distribution.

    Out of 67 packages, this time, many of the danger actors uploaded on NPM are those who mimic or mix the names of legitimate software projects and libraries, such as: such as:

    • White-meta-plugin
    • vite-postcss-tools
    • White-legging
    • White-leg
    • Beautiful chalk
    • North-selection
    • JS-Pportyer
    • Flow -boundary
    • Fig
    • MIDD-JS, Middy-JS

    When the victims install any of these packages, a ‘poststall’ script is executed to launch Xorindex loader, a novel tool used in parallel with hexwell loaders, a malware dropper seen in previous attacks.

    The Xorindex loader collects host data to profile each victim and sends it to a hardcode command and control (C2) address, which is hosted on the infrastructure from Versel Cloud Application Company.

    The C2 server reacts with one or more JavaScript payload, which is executed on the victim’s system using eval (). These payloads are usually beepartel and invisible backdoor, both are attributed to North Korean infectious interview operations.

    Two pieces of malware provide access to compromised machines, allowing data exfIs, and can download more payloads.

    According to the researchers, North Korean hackers combine old and new devices with microscopic modifications, and each time NPM cleans an infection, they return through various NPM accounts and package names.

    “An actor of the danger of infectious interview will continue to diversify his malware portfolio, moving through the new NPM vertebrate surnames, loaders such as hexwell loaders and malware families such as beeprtel and invisible, and actively deploy new observation variants including Xorindex loaders, and actively deploy new observation – the sockets – the sockets – the sockets.

    Researchers warned, “Guarders should expect continuous recurrence of these loaders in new published packages, often with minor changes to find out,” the researchers warned.

    Researchers at the socket say that they reported NPM to all malicious packages from the latest campaign, but some of them may still be available in the repository.

    To ensure that they are not typing the decoice, it is important to double-check the sour packages to ensure that only with famous projects and a proven records, and recently for the signals of automation to check the recent repository activity.

    When possible, always check the source code for obfusation and execute new libraries in isolated environment to evaluate your safety.


    Tines needle

    While cloud attacks can be more sophisticated, the attackers still succeed with surprisingly simple techniques.

    Drawing by the detection of Vij in thousands of organizations, this report reveals the 8 major techniques used by Claude-Floid danger actors.

    hidden Korean malicious Malware North NPM packages Xorindex
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleTrump asked to pass the Genius Act on Tuesday, despite the report of the vote later
    Next Article Congress moves forward to clarify the joint employer rule
    PineapplesUpdate
    • Website

    Related Posts

    Security

    Amazon lets you buy cars now used in a few clicks – how is it here

    August 5, 2025
    Security

    Cyber attack in summer 2025

    August 5, 2025
    Security

    NVIDIA Patch Critical Triton Server Bugs that threatens AI model safety

    August 5, 2025
    Add A Comment
    Leave A Reply Cancel Reply

    Top Posts

    Microsoft’s new text editor is a VIM and Nano option

    May 19, 2025797 Views

    The best luxury car for buyers for the first time in 2025

    May 19, 2025724 Views

    Massives Datenleck in Cloud-Spichenn | CSO online

    May 19, 2025650 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Most Popular

    10,000 steps or Japanese walk? We ask experts if you should walk ahead or fast

    June 16, 20250 Views

    FIFA Club World Cup Soccer: Stream Palmirus vs. Porto lives from anywhere

    June 16, 20250 Views

    What do chatbott is careful about punctuation? I tested it with chat, Gemini and Cloud

    June 16, 20250 Views
    Our Picks

    DOE’s advanced nuclear reactor site 90-day challenge

    August 5, 2025

    This favorite advertising inhibitor finally comes into safari – make sure you download correctly

    August 5, 2025

    Amazon lets you buy cars now used in a few clicks – how is it here

    August 5, 2025

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • About Us
    • Contact Us
    • Privacy Policy
    • Terms And Conditions
    • Disclaimer
    © 2025 PineapplesUpdate. Designed by Pro.

    Type above and press Enter to search. Press Esc to cancel.