Skip to main content
    Scammers Are Hiding Dangerous Software in Developer Tools and Browser Extensions
    Cybersecurity
    2 min read

    Scammers Are Hiding Dangerous Software in Developer Tools and Browser Extensions

    North Korean hackers are creating fake software packages and browser add-ons to target people who work in technology.

    Source

    The Hacker News

    Original headline: North Korean Hackers Publish 108 Malicious Packages and Extensions in PolinRider Campaign

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Saturday, July 4, 2026Updated Sunday, July 5, 20262 min read
    Share:

    A group of hackers from North Korea has published 108 fake software packages and web browser extensions across multiple platforms used by software developers. These malicious items appear on npm, Packagist, Go, and the Google Chrome extension store. This campaign, called PolinRider, is connected to an earlier effort called Contagious Interview where scammers posed as job recruiters.

    The attackers are also breaking into legitimate developer accounts to publish their dangerous software. This threat primarily affects people who write software code for a living, not typical families. However, if someone in your household works as a software developer or programmer, they could accidentally install one of these fake packages or extensions.

    The campaign is still active, meaning new dangerous items continue to appear. If you or someone in your family works in software development, here is what to do. First, be extremely careful about installing any new software packages, especially if contacted about job opportunities that require downloading tools or extensions.

    Stay one step ahead of scammers

    Weekly cybersecurity briefings for families. No spam, just the threats that matter and what to do about them.

    Second, review all currently installed browser extensions and remove any you do not recognize or no longer use. Third, verify the authenticity of any package before installing it by checking the publisher's reputation and looking for signs it might be fake.

    Fourth, never download software or extensions as part of a job interview process. For long term safety, teach family members who work in technology to be skeptical of unsolicited job offers, especially ones that require downloading files or software before the interview.

    Legitimate companies do not ask candidates to install software from unknown sources. If something feels unusual about a job opportunity, trust that instinct and walk away.

    Protect Yourself

    Stay one step ahead with our free family cybersecurity tools. Check links, scan for breached accounts, and get personalized risk assessments.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: The Hacker News

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.