The threat is a sophisticated social engineering campaign targeting open source maintainers, using fake communication platforms and cloned identities to trick them into installing a Remote Access Trojan (RAT). The attackers used this initial access to compromise npm packages with very large weekly download volumes (over 100 million downloads a week, per the report). The OpenSSF advisory warns that similar tactics are now being used against a broader set of open source projects.
North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posing as a software update. They used the access they gained to inject malware into npm packages downloaded 100+ million times a week. Now, a fresh Open Source Security Foundation (OpenSSF) advisory warns unknown attackers are using a similar approach to target other …

The post Social engineering attacks on open source developers are escalating appeared first on Help Net Security.