Cluster graph for the campaign | Image: Panther
Cybersecurity researchers at Panther Threat Research have released a detailed exposé on a massive, coordinated npm malware campaign linked to North Korean (DPRK) threat actors. Spanning a 30-day window from March to April 2026, the operation utilized 108 malicious packages and 261 unique versions to infiltrate developer and CI/CD environments.
This wasn’t a simple case of “typosquatting.” Researchers describe the activity as a “distributed production system” or a “malware factory with reusable parts,” designed to survive partial takedowns by maintaining multiple operational clusters.
The campaign’s primary objective was consistent across all clusters: “lure developers into running malicious packages, execute code on trusted developer or CI systems, then steal credentials, wallet private key, sessions, and establish persistent access”.
The diversity of the stolen data reflects a highly targeted approach, focusing on:
- Crypto Infrastructure: Private keys for wallets and Solana key material related to Polymarket.
- Cloud & DevOps Secrets: Cloud provider credentials, SSH private keys, .npmrc files, and .env local environment variables.
- Modern AI Workflows: Material from AI-powered IDEs such as Cursor, Windsurf, Claude, and PearAI.
- Persistent Access: In some clusters, the attackers attempted to write their own public keys into ~/.ssh/authorized_keys, ensuring a “longer-lived foothold” even if the malicious npm package was later removed.
Analysts observed several clusters that moved beyond simple install hooks, making them significantly harder to detect with standard security tools.
One of the more sophisticated clusters, Cluster I, used a “blockchain dead-drop” mechanism: the malware polled TRON and Aptos blockchain transaction data to resolve its next-stage command-and-control (C2) instructions, so takedown of a single C2 domain does not cut the chain.
As Panther Threat Research noted: “The malware can move from package execution to blockchain lookups, then to direct C2 infrastructure, while rotating the next retrieval values inside the decoded loader itself”.
Another, Cluster H, avoided obvious install hooks entirely, instead trojanizing the legitimate debug library. The malicious code remained dormant until an application actually called the debug.enable() function—a tactic that can “evade defenses focused on install hooks or one-time import checks”.
Panther Threat Research warns that because this was a coordinated campaign rather than a set of isolated events, removal of a single package is insufficient. “Defender response has to be campaign-aware: removing one package name or one domain may only prune a cluster while leaving the operational trunk intact,” the report cautions.