logo

Neutralinojs Compromised In DPRK Attack

ID: 268fa8e2-62a1-50ec-9c3f-f1876ce7fd8d

STIX ID: report--268fa8e2-62a1-50ec-9c3f-f1876ce7fd8d

Feed Name: OpenSourceMalware Blog

Threat Score
90/100

Date Published: 2026-03-06

Date Updated: 2026-06-20

Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2

...
...

**Neutralinojs supply-chain compromise (2026-03-02):** DPRK-linked actors used a compromised GitHub account to force-push backdated commits that injected obfuscated JavaScript payloads which fetch a multi-stage BeaverTail infostealer via a blockchain-based C2; four Neutralinojs repositories were directly infected, two Vercel-hosted C2 endpoints were identified and taken down, and similar payloads have been found in 106+ additional repositories, posing a high risk to developers who clone or build from source.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.