GoPlus: Beware of 26 malware packages released by North Korean hackers that can remotely download and execute Trojans.

CoinFeed reported on March 3 that the GoPlus Chinese community issued a warning on the X platform stating that North Korean hackers released a set of 26 malware packages to the npm registry. These packages all include an installation script ("install.js"), which executes automatically during package installation, running malicious code located in "vendor/scrypt-js/version.js". This malicious code downloads and executes a Remote Access Trojan (RAT) via a malicious URL, performing actions such as keylogging, clipboard theft, browser credential collection, TruffleHog secret scanning of Git repositories, and SSH key theft. This incident is related to a North Korean hacking activity called "Famous Chollima".