North Korea-linked npm packages impersonate Rollup polyfill tools to steal developer secrets

TL;DR Six malicious npm packages mimicking Rollup polyfill tools stole developer credentials and enabled remote access in a Lazarus-linked campaign. Security researchers at JFrog have identified a set of malicious npm packages linked to North Korean threat actors that impersonate legitimate Rollup polyfill tooling to steal developer credentials and enable remote access to compromised machines. […]