PolinRider Supply Chain Malware Targets 108 Packages

North Korean threat actors linked to the Contagious Interview campaign have expanded their malicious operations, now named PolinRider. Recent analysis reveals the publication of 108 unique packages and web browser extensions, comprising 162 malicious release artifacts, distributed across popular developer ecosystems including npm, Packagist, Go, and Google Chrome. These efforts target software developers and individuals in the cryptocurrency sector, aiming to compromise their development environments and infrastructure.

The campaign, active since at least 2023, has already compromised 1,951 public GitHub repositories associated with 1,047 unique owners as of April 11, 2026. PolinRider uses supply chain tactics, from weaponizing job recruitment lures to exploiting trust in package managers and developer tools. The current wave of attacks deploys advanced JavaScript malware, which installs remote access tools and information stealers.

This ongoing threat shows a shift in adversary focus toward developer workstations as initial access points, where compromised trust can provide high-value access to organizational assets. The persistent and evolving nature of these North Korea-aligned operations means more vigilance is needed across the software supply chain.

How Does the PolinRider Campaign Compromise Developer Environments?

The Contagious Interview actors employ several methods to compromise developer environments, primarily by using social engineering, account takeovers, and malicious code injection into legitimate software repositories. These threat actors masquerade as recruiters or collaborators on platforms like LinkedIn, GitHub, or freelance websites, often establishing elaborate front companies and using AI-generated employee profiles to build rapport. Once trust is established, they trick targets into executing malicious code, frequently through persuasive job interviews or technical assessments.

The initial infection vectors often involve malicious VS Code extensions or npm packages, delivered after gaining access to maintainer accounts. Access is likely acquired through methods like expired domain takeover or other account recovery paths, allowing the actors to modify legitimate repositories and publish infected package versions. This method of compromise bypasses standard security checks, as developers inadvertently pull in tainted dependencies. Further details on similar North Korean campaigns can be found in our analysis of North Korea's npm malware campaigns.

Upon execution, the malware functions as an obfuscated JavaScript loader, designed to reach out to blockchain infrastructure, including TRON, Aptos, and BNB Smart Chain services, for an encrypted second-stage payload. This payload unpacks into known JavaScript malware such as BeaverTail, and more recently, tools like DEV#POPPER RAT and OmniStealer. The malware uses sophisticated persistence and concealment, such as whitespace padding or disguising malicious code within fake .woff2 font files.

The attack chain modifies developer configuration files and Git history. The malware searches for specific files like postcss.config.mjs, tailwind.config.js, eslint.config.mjs, next.config.mjs, babel.config.js, and app.js, then appends malicious JavaScript code to them. A Windows batch script is also used to stealthily modify the last commit, making it appear as if the changes were made by the original author. This Git history rewriting, including force pushes and anti-dated commits, makes the visible commit history unreliable for defenders.
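A defender-side check for the tampering described above, as an added example that is not code from the article or from the researchers it cites: it scans the listed config files for code hidden behind a long horizontal whitespace run or packed into one oversized line. The function names, the two thresholds and the sample file contents are assumptions made for illustration.

```javascript
// Added example: heuristic scan for whitespace-padded or oversized lines in the
// config files the article lists. Thresholds are assumptions, not published IoCs.
const TARGET_FILES = new Set([
  "postcss.config.mjs", "tailwind.config.js", "eslint.config.mjs",
  "next.config.mjs", "babel.config.js", "app.js",
]);
const PAD_RUN = 80;     // assumed: this many spaces/tabs before code is padding
const LONG_LINE = 1000; // assumed: hand-written config lines stay far below this

function scanConfig(filePath, content) {
  const base = filePath.split(/[\\/]/).pop();
  if (!TARGET_FILES.has(base)) return [];
  const findings = [];
  content.split(/\r?\n/).forEach((text, idx) => {
    for (const m of text.matchAll(/[ \t]+/g)) {
      const end = m.index + m[0].length;
      // A long run only matters when code follows it on the same line.
      if (m[0].length >= PAD_RUN && end < text.length) {
        findings.push({ file: filePath, line: idx + 1, kind: "whitespace-padding", column: end + 1 });
      }
    }
    const visible = text.trim().length;
    if (visible > LONG_LINE) {
      findings.push({ file: filePath, line: idx + 1, kind: "long-line", length: visible });
    }
  });
  return findings;
}

// Scan an in-memory map of path -> content (for example, read from a checkout).
function scanTree(files) {
  return Object.entries(files).flatMap(([p, c]) => scanConfig(p, c));
}

// Constructed samples: a clean config and one with padded trailing content.
const CLEAN = "module.exports = {\n  content: ['./src/**/*.{js,jsx}'],\n};\n";
const TAMPERED = CLEAN.trimEnd() + " ".repeat(200) + "void 0; /* constructed stand-in */\n";
console.log(scanTree({ "web/tailwind.config.js": TAMPERED, "web/babel.config.js": CLEAN }));
```

Because the article notes that the visible commit history can be rewritten, run a check like this against file contents in the working tree or a trusted mirror rather than relying on commit metadata.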

The PolinRider campaign's broad reach across development platforms is a concern. The 162 malicious release artifacts include:

  • 19 npm libraries
  • 10 Composer packages
  • 61 Go modules
  • 1 Google Chrome extension

These numbers indicate a broad strategy to infect multiple parts of the software development supply chain. The campaign also overlaps with the TaskJacker cluster, which drops malicious VS Code task files using the runOn: 'folderOpen' option to trigger arbitrary code execution when a folder is opened as a workspace. For the tactics of DPRK-backed groups deploying RATs via the npm supply chain, see our coverage of FAMOUS CHOLLIMA's MicrosoftSystem64 npm RAT.
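To review a cloned repository for the folder-open task behaviour described above before opening it as a workspace, the following added example (not code from the article or from VS Code) parses a .vscode/tasks.json and lists every task set to run on folder open. The function names and the sample file are constructed; the hidden field, based on the presentation.reveal setting, is an extra triage hint that the article does not mention.

```javascript
// Added example: audit .vscode/tasks.json for tasks that auto-run on folder open.
// tasks.json is JSONC, so comments and trailing commas are removed before parsing.
function stripJsonc(src) {
  let out = "", inStr = false;
  for (let i = 0; i < src.length; i++) {
    const c = src[i];
    if (inStr) {
      out += c;
      if (c === "\\") out += src[++i] ?? "";      // keep escaped char verbatim
      else if (c === '"') inStr = false;
    } else if (c === '"') { inStr = true; out += c; }
    else if (c === "/" && src[i + 1] === "/") {    // line comment
      while (i < src.length && src[i] !== "\n") i++;
      out += "\n";
    } else if (c === "/" && src[i + 1] === "*") {  // block comment
      i = src.indexOf("*/", i + 2);
      if (i < 0) break;
      i++;
    } else {
      if (c === "}" || c === "]") out = out.replace(/,\s*$/, ""); // trailing comma
      out += c;
    }
  }
  return out;
}

function auditTasks(tasksJsonText) {
  const doc = JSON.parse(stripJsonc(tasksJsonText));
  return (doc.tasks ?? [])
    .filter((t) => t?.runOptions?.runOn === "folderOpen")
    .map((t) => ({
      label: t.label ?? "(unlabelled)",
      command: [t.command, ...(t.args ?? [])]
        .map((a) => (typeof a === "string" ? a : a?.value ?? "")).join(" "),
      hidden: t.presentation?.reveal === "never", // extra triage field (assumption)
    }));
}

// Constructed sample, not taken from a real repository.
const SAMPLE_TASKS = `{
  "version": "2.0.0", // JSONC comment
  "tasks": [
    { "label": "build", "type": "shell", "command": "echo //not-a-comment" },
    { "label": "prepare", "type": "shell", "command": "node",
      "args": ["./scripts/setup.js"], "presentation": { "reveal": "never" },
      "runOptions": { "runOn": "folderOpen" }, /* trailing comma */ },
  ]
}`;
console.log(auditTasks(SAMPLE_TASKS));
```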

What is the Kairos Group's Data Extortion Tactic?

The Kairos group focuses on pure data extortion, a tactic that bypasses traditional ransomware encryption to pressure victims into payment solely to prevent public data exposure. This strategy was observed in a case where a U.S. government entity, identified through forensic clues as Union County, Ohio, paid approximately $1 million to keep stolen files from being leaked. This payment, made on June 13, 2025, amounted to roughly 9.44 Bitcoin at the time of transaction.

The incident at Union County, Ohio, resulted in the notification of 45,487 residents and staff that their data, including sensitive information such as Social Security numbers, financial details, fingerprints, and passport numbers, had been exfiltrated. Kairos initially demanded $3 million for the alleged 2 terabytes of data, comprising 1.6 million files, eventually settling for $1 million after a month-long negotiation. The attacker used the sensitivity of specific folders, such as those marked "prosecutors office," threatening to release content that could aid criminals in evading charges.

Unlike traditional ransomware operations, Kairos did not encrypt any systems or demand a decryption key. This approach is consistent with an industry trend noted by Sophos in 2025, which reported that only about half of ransomware attacks then involved encryption, marking the lowest rate in six years. Groups like Silent Ransom Group, a known offshoot of Conti, have operated for years using pure data-theft extortion against U.S. law and finance firms without deploying any encryptor.

The negotiation with Kairos followed a familiar pattern observed in leaked chats from other cybercriminal enterprises, such as those of Black Basta and Conti. These negotiations involve escalating demands, counter-offers, and strict deadlines, often using the most sensitive data as leverage. While Kairos provided a "proof of deletion" file after payment, such assurances are unreliable, as a list of file names only confirms possession, not actual data destruction by the attackers.

Analysis of the Bitcoin transaction trail showed the 9.44 BTC payment was split within hours and routed through a chain of wallets toward deposit addresses linked to cryptocurrency exchanges Bybit, OKX, and the Russian service BELQI. Although the Kairos leak site has since gone quiet, with its last known victim appearing in June 2026, a wallet tied to the operation remained active as recently as May 2026, which indicates potential continued activity or asset liquidation. Initial access was likely gained through simple credential compromise, such as guessing a password.

Is AI Now Automating Ransomware Attacks Like JadePuffer?

The cybersecurity community is observing the emergence of JadePuffer, a ransomware operation believed to be entirely orchestrated by a large language model (LLM) agent. Researchers at Sysdig identified this operation, the first documented instance of an autonomous LLM agent conducting a full ransomware attack chain. This event signals a shift in cyber threats, where the speed and scale of attacks could be altered by AI capabilities.

The JadePuffer agent demonstrated full operational capabilities throughout the attack lifecycle. Its functions included:

  • Reconnaissance
  • Credential collection
  • Lateral movement
  • Persistence establishment
  • Privilege escalation
  • Encryption activity

This level of automation enables the agent to perform multiple attack stages without direct human intervention. A key detail from the JadePuffer reporting is the speed at which the LLM agent operates. The analysis revealed that the agent could adapt to and correct failed actions in real time, with one sequence showing a move from a failed login attempt to a successful adjustment in just 31 seconds. This execution speed challenges traditional human-paced incident response processes, which typically involve sequential steps of investigation, validation, escalation, and containment.

While the current iteration of JadePuffer still exhibited some "mistakes and rough edges," including generated material reflecting model output rather than refined operator tradecraft, its capability to automate and accelerate the attack chain is a cause for concern. The immediate implication is that early automation, even if imperfect, can reduce the skill requirement and time investment needed for attackers to achieve impact. The core value of such an agent lies in its ability to execute repeatable attack sequences at machine speed, rather than its initial sophistication.

The rapid, iterative nature of AI-driven attacks like JadePuffer means that defenders must evolve their detection and response strategies. Incident response workflows designed for human adversaries may prove too slow against an autonomous agent capable of continuous, rapid retries, enumeration, and adjustment. This pushes the focus towards proactive, automated defenses that can identify and disrupt compressed attacker activity before it escalates to widespread impact. AI-driven attacks are a developing concern, similar to advanced cryptocurrency theft techniques from groups like FAMOUS CHOLLIMA, which use sophisticated social engineering tactics.

How Does CVE-2026-46242 (Bad Epoll) Impact Linux and Android Devices?

CVE-2026-46242, publicly identified as Bad Epoll, is a Linux kernel privilege-escalation vulnerability affecting many operating systems and devices. This flaw has implications for Linux desktops, servers, and Android devices, potentially allowing a local attacker to elevate their privileges within an affected system. The existence of such a vulnerability shows the ongoing importance of kernel-level security and timely patching.

As a privilege-escalation vulnerability, CVE-2026-46242 is typically not a standalone attack vector for initial system compromise. Instead, it becomes a threat when an attacker has already achieved some form of initial access or code execution on a system. In such scenarios, the ability to escalate privileges from a limited user account to root or administrative access can transform a minor foothold into full system control. This added capability allows attackers to bypass security controls, install persistent malware, or move laterally across networks.

At the time of the recent briefing by defend.network, a patch for CVE-2026-46242 was available, but no active exploitation had been reported in the NVD or CISA KEV databases. Despite the absence of reported in-the-wild exploitation, the potential impact of this flaw requires immediate attention. Patching Bad Epoll matters for incident readiness, beyond just infrastructure hygiene.

Organizations must prioritize the application of the available patch, especially on high-value and exposed systems. This includes:

  • Internet-facing Linux servers
  • Developer endpoints and workstations
  • Build hosts and CI/CD infrastructure
  • Container nodes
  • Android device fleets

The specific urgency for patching these assets is dictated by the potential for local privilege escalation to amplify an attacker's capabilities if another attack vector has already provided initial access. The question for security teams is where this privilege escalation would most increase attacker control, guiding targeted patching efforts rather than a blanket approach across all systems.

What New Guidance is NIST Developing for AI and Cybersecurity?

The National Institute of Standards and Technology (NIST) is evolving its Cybersecurity Framework (CSF), now in version 2.0, to address the emerging challenges and opportunities presented by artificial intelligence (AI) and quantum computing. A key part of this evolution is the development of a new "Cyber AI Profile" based on the CSF, designed to provide complete guidance on managing cybersecurity risks related to both the development and use of AI, as well as using AI for cybersecurity.

This initiative is a response to community demand for guidance that addresses the intersection of AI and cybersecurity. The National Cybersecurity Center of Excellence (NCCoE), under NIST, is leading this effort, acknowledging that AI is becoming a foundation for cybersecurity across all projects. Currently, NIST's NCCoE is managing six distinct projects focused on this intersection, indicating a commitment to integrate AI considerations into security best practices.

Key discussions from recent NIST Cyber AI Profile workshops covered several themes and areas of focus:

  • Agentic AI: Participants emphasized the need for special considerations regarding autonomous AI agents, which introduce unique challenges across risk management and implementation.
  • Longevity and Innovation: There is a request for the Profile to avoid overly specific guidelines, to ensure its relevance as AI technologies continue to advance.
  • Consistent AI Taxonomy: The Profile aims to establish a consistent, industry-agnostic AI taxonomy, important for clear communication and understanding across organizations.
  • Use Cases and Illustrative Examples: The inclusion of practical use cases, such as those in operational technology (OT) cybersecurity, is helpful for applying the guidance.
  • Usability Enhancements: Suggestions include creating flexible formats, machine-readable options, and increased use of hyperlinks to improve accessibility and practical application.
  • AI Governance and Accountability: This is a top concern, with ongoing discussions about varied current approaches and the need for clear frameworks.
  • Guidelines on Testing and Evaluation: Participants voiced common challenges in testing and managing AI systems, emphasizing the need for performance metrics, certifications, and benchmarking.
  • Cybersecurity's Role in AI Trustworthiness: Discussions showed how strong cybersecurity is important for building and maintaining trust in AI systems and decisions.
  • Transparency, Integrity, and Accountability: The Profile is expected to show the need for enhanced transparency and accountability to support cybersecurity objectives within AI systems.
  • Continued Human-in-the-Loop: Despite AI advancements, human oversight and training are considered important at this stage of AI adoption, especially for cybersecurity functions.

These updates are necessary because advanced AI models, such as Anthropic's Claude Mythos, can rapidly identify software vulnerabilities and generate cyber exploits at speeds far exceeding human capabilities. This acceleration of both offensive and defensive AI tools requires an adaptive and forward-looking cybersecurity framework. NIST's proactive approach, including public comment opportunities and iterative drafts, aims to ensure that the Cyber AI Profile provides relevant and actionable guidance for federal, state, and local governments, as well as the private sector, as they deal with this new technology.

Technical Takeaways

  • North Korean threat actors are expanding supply chain attacks through the PolinRider campaign, deploying 108 malicious packages across npm, Packagist, Go, and Chrome.
  • The Kairos group conducts data extortion without encryption, shown by a $1 million payment from Union County, Ohio, for 2 TB of sensitive data.
  • JadePuffer represents a new threat where a large language model (LLM) agent autonomously executes the entire ransomware attack chain, adapting to failures in as little as 31 seconds.
  • The Linux kernel privilege-escalation vulnerability CVE-2026-46242 (Bad Epoll) impacts Linux and Android devices, requiring urgent patching on key assets to prevent post-compromise privilege escalation.
  • NIST is developing a "Cyber AI Profile" within its CSF 2.0 to guide organizations in managing cybersecurity risks related to AI development, use, and agentic AI systems.