Threat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating « coordinated and relentless » efforts to target developers with malware and steal cryptocurrency assets.
The latest wave, which was observed between August 12 and 27, 2024, involved packages named temp-etherscan-api, ethersscan-api, telegram-con, helmet-validate, and
