Security researchers have uncovered a set of npm packages linked to North Korean threat actors that impersonate legitimate Rollup polyfill tooling to exfiltrate developer credentials and grant attackers remote control over compromised machines.
- Packages mimic legitimate Rollup polyfill modules with near-identical metadata
- Payload steals credentials for AWS, Azure, Google Gemini, Anthropic Claude, and SSH keys
- Attack uses layered delivery and environment checks to evade detection
What happened
JFrog security researchers identified six malicious npm packages designed to impersonate the legitimate Rollup polyfill plugin 'rollup-plugin-polyfill-node.' These packages, including 'rollup-packages-polyfill-core' and 'rollup-runtime-polyfill-core,' were used to steal developer credentials and facilitate remote access on compromised machines. To conceal their true intent, the packages replicated the description, repository metadata, and folder structure of the genuine project.
The attack employs a multi-stage delivery chain: initial packages silently install secondary dependencies disguised as SVG utilities. These secondary components load malicious payloads from a remote JSON resource, which is then executed. The payload targets web browsers, cryptocurrency wallets, clipboard data, and specific file types, while also harvesting credentials for major cloud services and developer tools. All identified malicious packages have now been removed from the npm registry.
Why it matters
This campaign highlights the growing threat of supply chain attacks targeting open-source ecosystems like npm, which are integral to modern software development. By infiltrating widely used development dependencies, attackers gain access to environments that contain sensitive assets such as source code, API keys, and project secrets, potentially compromising entire organizations.
The activity is attributed to the Lazarus group, a North Korea-linked threat actor known for sophisticated cyber espionage and financially motivated attacks. The campaign’s advanced evasion tactics—such as environment checks to bypass sandbox and cloud-based CI workflows—underscore the increasing complexity and persistence of supply chain infiltration strategies. This raises the risk profile for developers and enterprises relying on third-party open-source packages.
What to watch next
Security teams and developers should closely monitor updates from npm and other open-source repositories for signs of similar malicious packages and conduct thorough dependency audits. Enhanced automated scanning for suspicious metadata, layered payload delivery, and environment-aware malicious behavior will be critical to detecting such threats early.
Given the ongoing risk from Lazarus-linked campaigns and recent related discoveries involving the BeaverTail and OtterCookie North Korean malware families, organizations should prioritize securing developer workstations and CI pipelines. This includes restricting access scopes, implementing multi-factor authentication, and actively monitoring for unexpected remote terminals or unusual credential access patterns.