NK hackers publish npm packages hiding Pastebin C2 for cross-platform RAT

North Korean group Famous Chollima published 26 malicious npm packages posing as developer tools. Each package runs an install script that decodes hidden C2 URLs steganographically embedded in Pastebin essays, then downloads platform-specific payloads from Vercel. The malware deploys a RAT and multiple modules for keylogging, browser and crypto credential theft, VS Code persistence, Git/SSH exfiltration, and secret scanning. Researchers say this campaign shows increasingly advanced evasion techniques and ongoing evolution in the Contagious Interview operation.

Видео NK hackers publish npm packages hiding Pastebin C2 for cross-platform RAT канала Saeb Masarwa Eng