North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign

July 15, 2025 invoker category_news

Security Update News

Update Information

Title North Korean Hackers Flood npm Registry with XORIndex Malware in Ongoing Attack Campaign
Update ID THN:58F199FE0643F63407FB7FDEA391E9F6
Type thn
Published 2025-07-15T07:17:00
Last Updated 2025-07-15T07:17:09

Security Impact

Severity NONE

AI Analysis

AI Description North Korean actors have released 67 malicious npm packages containing XORIndex malware, part of an ongoing campaign. These packages, downloaded over 17,000 times, distribute a sophisticated loader that profiles systems and deploys additional malware like BeaverTail and InvisibleFerret.
AI Severity High
AI Vendor npm
AI Product npm Registry
AI Version N/A

Update Details

[description content]

View Advisory Details

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.