Active Malware Campaigns in January-May 2026
ID: 52a7a10c-5a7f-56af-a9dd-f51083cd3023
STIX ID: report--52a7a10c-5a7f-56af-a9dd-f51083cd3023
Feed Name: OpenSourceMalware Blog
Date Published: 2026-06-08
Date Updated: 2026-06-20
Author: cb482791-4ef1-4762-96ad-b0ca4bdd538e
### Executive Summary: This report documents multiple active 2026 software supply-chain campaigns—notably DPRK-linked Lazarus Group operations (Contagious Interview, TasksJacker/PolinRider) and financially motivated TeamPCP (CanisterWorm, Mini Shai-Hulud)—that used malicious .vscode/tasks.json files, lifecycle hooks, self‑propagating worms, and credential‑stealing payloads to compromise developers, CI runners, package registries (npm, PyPI), and container images, resulting in widespread token and secret exfiltration and large-scale package poisoning.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
