North Korean Hackers Deploy Malicious Code Through npm Library

A new report from the U.S. cybersecurity firm Socket reveals that North Korean hackers have used the popular software registry npm to distribute more than 300 packages containing malicious code. Disguised as legitimate versions of popular libraries such as express and hardhat, these packages carry malware capable of stealing passwords and cryptocurrency wallet keys. The operation, known as ‘Infectious Interview,’ involves hackers posing as tech recruiters to target blockchain and Web3 developers. Although some packages have been removed after being downloaded by approximately 50,000 users, several remain online. Researchers have traced the code patterns to North Korean hacker groups, noting the use of in-memory decryption in loader scripts to evade detection. Although GitHub has enhanced its verification processes and removed some of the malicious packages, the threat to software supply chain security remains. Security experts urge development teams to treat every dependency installation with caution, recommending thorough scanning and verification before integrating any new component into a project.
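As an added example, not code from the Socket report or this article, the Node.js script below is the kind of pre-install check the closing recommendation calls for: it reads a package manifest and flags names that imitate popular packages such as express and hardhat, plus scripts that npm runs automatically at install time (a common launch point for loaders; this choice of signal, the well-known list and the edit-distance threshold are assumptions of the example). Hits are items for manual review, not verdicts.

```javascript
// Added example (not from the Socket report): audit an npm package manifest
// (a package.json object) before installing. Lists and thresholds are assumptions.
const WELL_KNOWN = ['express', 'hardhat', 'lodash', 'axios', 'web3', 'ethers'];
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Levenshtein edit distance, to catch one-character typosquats.
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// Strip "@scope/" and separators: "@x/express-js" and "expressjs" both -> "expressjs".
function normalise(name) {
  const bare = name.startsWith('@') ? name.split('/')[1] || '' : name;
  return bare.toLowerCase().replace(/[-_.]/g, '');
}

// Returns the well-known package a name imitates, or null. An exact match is the
// genuine package; one edit away, or the name plus a short tail, is flagged.
function lookalikeOf(name) {
  const n = normalise(name);
  if (WELL_KNOWN.includes(n)) return null;
  return WELL_KNOWN.find((k) => editDistance(n, k) === 1 ||
    (n.startsWith(k) && n.length - k.length <= 2)) || null;
}

// Audit the manifest's own name, its install-time hooks and its dependencies.
function auditManifest(m) {
  const findings = [];
  const own = lookalikeOf(m.name || '');
  if (own) findings.push({ item: m.name, reason: `name resembles "${own}"` });
  for (const h of INSTALL_HOOKS) {
    if (m.scripts && m.scripts[h]) findings.push({ item: h, reason: `runs at install: ${m.scripts[h]}` });
  }
  const deps = { ...(m.dependencies || {}), ...(m.devDependencies || {}) };
  for (const d of Object.keys(deps)) {
    const k = lookalikeOf(d);
    if (k) findings.push({ item: d, reason: `dependency resembles "${k}"` });
  }
  return findings;
}

// Constructed manifest for the demo; not a real package.
const SAMPLE = { name: 'expresss', scripts: { postinstall: 'node loader.js' },
  dependencies: { hardhat: '^2.0.0', 'hardhat-js': '^1.0.0', lodash: '^4.17.21' } };
auditManifest(SAMPLE).forEach((f) => console.log(`[review] ${f.item}: ${f.reason}`));
```

In practice the manifest would be fetched with `npm view <pkg> --json` or read from the downloaded tarball before the package is ever installed.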