Researchers say hundreds of booby-trapped code packages on a major programming platform were part of a state-backed campaign to steal crypto and infiltrate tech firms.
In brief
More than 300 malicious code packages were uploaded to npm in what researchers call the “Contagious Interview” campaign.
The fake job-recruitment lures targeted Web3 and crypto developers, stealing credentials and wallet keys.
Security exper… [3385 chars]
Source: Decrypt | Published: 2025-10-15T22:15:09Z
Credit: Decrypt
