GitHub Maintainer Accounts Compromised in PolinRider Campaign
ID: d0a2c0da-5fe8-5a85-8279-4427f79f92b1
STIX ID: report--d0a2c0da-5fe8-5a85-8279-4427f79f92b1
Feed Name: ThreatCluster
PolinRider is a multi-ecosystem supply‑chain campaign where threat actors compromised GitHub maintainer accounts to distribute 162 malicious release artifacts across 108 packages (npm, Go modules, Packagist and a Chrome extension). The attackers used obfuscated JavaScript loaders that execute in developer tools (notably VS Code), abused account recovery and rewrote Git history to evade detection; follow-on payloads include remote access and credential-stealing malware linked to a North Korean threat cluster.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
