North Korean threat actors associated with the Contagious Interview campaign have deployed 108 malicious packages and browser extensions across multiple platforms in an ongoing operation tracked as PolinRider.

The attackers distributed malicious code through npm, Packagist, Go package repositories, and the Google Chrome Web Store. This broad platform coverage allows the threat actors to target developers across the JavaScript, PHP, and Go ecosystems simultaneously.

The campaign exploits compromised maintainer accounts to inject malicious packages into legitimate-looking projects. Developers downloading these packages unknowingly install backdoors or data-stealing tools into their environments. Once installed, the malware can access source code, API credentials, and build artifacts.

PolinRider represents an evolution in supply chain attacks. Rather than targeting a single repository or language, the operation demonstrates a sophisticated understanding of how different development communities operate. The use of compromised maintainer credentials means the malicious packages appear legitimate to automated security tools and manual review.

Browser extension distribution through the Chrome Web Store compounds the risk. Extensions gain privileged access to browsing activity, stored credentials, and site data. Users installing these extensions expose both personal and corporate information.

Organizations face several immediate risks. Development teams using compromised packages could introduce backdoors into production systems. Teams should audit npm, Packagist, and Go dependencies immediately for packages published during suspicious timeframes. Browser extension users should review installed extensions for unfamiliar or recently added tools.

The threat actors' continued access to maintainer accounts suggests that the infrastructure they use to compromise those accounts remains operational. New malicious packages will likely surface as the campaign progresses. Repository platforms should implement stricter authentication requirements, including mandatory multi-factor authentication for all package maintainers.

Development teams should implement dependency scanning in CI/CD pipelines to catch unusual package behavior before deployment. Browser extension users should review permissions granted to each extension and remove any tools not actively used or trusted.
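The dependency audit and CI scanning recommended above can be sketched for npm as follows. This is an added example, not code from the original article: it checks each locked package's publish time against a review window and puts packages with install scripts first. The package names, timestamps, window dates and the `PUBLISH_TIMES` map (standing in for the `time` field of registry metadata) are constructed assumptions; `hasInstallScript` is the field npm writes to `package-lock.json`.

```javascript
// Constructed sample data: every package name, version and timestamp is invented.
const LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-logger": { version: "2.4.1" },
    "node_modules/example-parser": { version: "1.0.9", hasInstallScript: true },
    "node_modules/@scope/example-utils": { version: "0.3.0", hasInstallScript: true },
    "node_modules/example-parser/node_modules/example-inner": { version: "3.1.0" },
    "packages/local-tool": { name: "local-tool", version: "0.0.1" },
  },
};
// Constructed stand-in for the "time" map of each registry packument,
// fetched ahead of the audit (version -> ISO publish timestamp).
const PUBLISH_TIMES = {
  "example-logger": { "2.4.1": "2023-02-10T09:00:00.000Z" },
  "example-parser": { "1.0.9": "2025-03-04T22:15:00.000Z" },
  "@scope/example-utils": { "0.3.0": "2022-11-01T12:00:00.000Z" },
};

// Returns the locked packages that need review: published inside the window,
// or with no known publish time (treated as a finding, not silently passed).
function auditLockfile(lock, publishTimes, windowStart, windowEnd) {
  const start = Date.parse(windowStart);
  const end = Date.parse(windowEnd);
  const marker = "node_modules/";
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const at = path.lastIndexOf(marker);
    if (at === -1) continue; // root project or local workspace, not from a registry
    const name = path.slice(at + marker.length); // handles nested and @scoped paths
    const published = publishTimes[name]?.[entry.version];
    const t = published === undefined ? NaN : Date.parse(published);
    let reason = null;
    if (Number.isNaN(t)) reason = "publish-time-unknown";
    else if (t >= start && t <= end) reason = "published-in-window";
    if (reason) {
      findings.push({ name, version: entry.version, reason,
                      installScript: entry.hasInstallScript === true });
    }
  }
  // Packages that run code at install time go to the top of the review queue.
  return findings.sort((a, b) => Number(b.installScript) - Number(a.installScript));
}

const report = auditLockfile(LOCKFILE, PUBLISH_TIMES,
                             "2025-03-01T00:00:00Z", "2025-03-31T23:59:59Z");
console.log(JSON.stringify(report, null, 2));
```

In a pipeline, a non-empty result would fail the build or open a review ticket; the same window check applies to Packagist and Go modules using their own lockfiles and registry metadata.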