North Korea-Linked npm Packages Mimic Rollup Polyfills to Steal Developer Secrets

Threat actors with ties to North Korea have been linked to a fresh set of malicious npm packages that masquerade as Rollup polyfill tooling to facilitate remote access and data theft.

According to JFrog, the packages « rollup-packages-polyfill-core » and « rollup-runtime-polyfill-core » mimic the legitimate « rollup-plugin-polyfill-node » project, down to the description, repository metadata, and