Hackers Compromise GitHub Maintainer Accounts to Publish PolinRider-Infected Package Versions
ID: 5ead710d-1167-5932-93db-c9b7c785a5fa
STIX ID: report--5ead710d-1167-5932-93db-c9b7c785a5fa
Feed Name: GBHackers
PolinRider is a widescale supply‑chain campaign that compromises GitHub maintainer accounts to publish 162 malicious artifacts across 108 packages and extensions (npm, Go modules, Packagist, a Chrome extension). Operators use Git history rewriting, obfuscated JavaScript loaders (including whitespace‑padded one‑liners and fake .woff2 files) and VS Code task abuse to execute loaders that fetch encrypted second‑stage payloads (observed families include DEV#POPPER and OmniStealer) enabling credential/wallet theft and remote access; defenders should preserve forensic artifacts, identify affected developer machines, remove affected versions, rotate exposed secrets, and audit repository and registry activity.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
