North Korea-Linked npm Packages Imitate Rollup Polyfills in Developer-Focused Supply Chain Campaign
Researchers have uncovered a new software supply chain operation involving malicious npm packages that imitate legitimate Rollup polyfill tooling and appear to be tied to North Korean threat actors. T...
Researchers have uncovered a new software supply chain operation involving malicious npm packages that imitate legitimate Rollup polyfill tooling and appear to be tied to North Korean threat actors. The packages are designed to look credible during routine dependency checks while quietly delivering malware to developer systems.
According to JFrog, two packages — rollup-packages-polyfill-core and rollup-runtime-polyfill-core — closely copy the naming style, metadata, and overall presentation of the real rollup-plugin-polyfill-node project. Four related packages have also been identified and removed from npm: quirky-token, react-icon-svgs, rollup-plugin-polyfill-connect, and swift-parse-stream.
How the attack works
The malicious packages use a staged design. The first layer pulls in additional packages, which then retrieve JavaScript from an external JSON hosting service and execute it. JFrog said the code performs environment checks to avoid running in sandboxes, cloud development setups, serverless platforms, and analysis environments.
Once the malware determines it is running on a real target, it downloads an encrypted payload from an external server and decrypts it into a loader. That loader adds capabilities for remote access, data theft, and system control.
- Interactive terminal access and command execution
- Screenshot capture and process termination
- Mouse, keyboard, and scrolling control on Windows systems
- Browser and cryptocurrency wallet data theft
- File collection, clipboard scraping, and secret discovery
The file-hunting component is especially aimed at developer environments, including history and configuration data from tools such as Visual Studio Code, Windsurf, and Cursor, as well as credentials and settings linked to AWS, Azure, Gemini, Anthropic Claude, SSH, and Zsh.
Part of a broader pattern
JFrog said the campaign resembles earlier npm abuse attributed to North Korean actors, including operations that delivered malware families such as BeaverTail and OtterCookie. The activity also fits a wider trend of attackers targeting open-source ecosystems to harvest source code, API keys, cloud credentials, and other sensitive material from developers and build servers.
Security researchers say the latest findings reinforce the need for closer scrutiny of package names, install-time behavior, and dependency chains, especially in projects that rely on Rollup plugins or other tooling commonly used in CI pipelines and workstation setups.
