North Korea’s Contagious Interview supply chain operation has escalated from a targeted npm campaign to a five-ecosystem assault on the open-source software ecosystem. Socket, which has been tracking the activity since 2024, disclosed on 7 April 2026 that the operation — attributed with high confidence to UNC1069 (also known as BlueNoroff, Sapphire Sleet, and Stardust Chollima) — now counts more than 1,700 malicious packages across npm, PyPI, Go Modules, crates.io, and Packagist. This is the same financially motivated DPRK cluster responsible for years of cryptocurrency theft and developer targeting, but the cross-ecosystem scale of this campaign represents a significant operational escalation.
What Contagious Interview Does
The attack methodology is distinct from traditional maintainer account compromise. Rather than taking over existing legitimate packages, UNC1069 publishes packages that impersonate legitimate developer tooling: packages that look, in name and in apparent functionality, like real utilities developers would install. The packages act as staged loaders: the initial install appears to provide the expected functionality while silently fetching a platform-specific second-stage payload from attacker-controlled infrastructure.
The second-stage payload is WAVESHAPER.V2, a cross-platform implant with combined infostealer and remote access trojan (RAT) capabilities. Once deployed, WAVESHAPER.V2 performs credential harvesting (browser-stored credentials, SSH keys, cloud provider tokens), environment variable enumeration targeting CI/CD secrets, and establishes a persistent command-and-control channel. The implant communicates with rotating C2 infrastructure designed to blend with legitimate developer traffic patterns.
A confirmed example targeted the popular Axios HTTP client on npm. Rather than compromising Axios itself, UNC1069 published a closely named lookalike package and wired WAVESHAPER.V2 into its post-install hook, placing malicious code in a position to run automatically during npm install in any pipeline that resolved the typosquatted name instead of the genuine package.
Why Five Ecosystems Matters
Historically, software supply chain attacks targeting developer tooling concentrated on npm — the largest ecosystem by volume. The deliberate expansion to PyPI (Python), Go Modules, crates.io (Rust), and Packagist (PHP) is significant for two reasons.
First, it dramatically widens the attack surface. Organisations using Go for backend services, Rust for systems programming, or PHP for web applications now face the same supply chain risk previously associated primarily with JavaScript/Node.js environments. Security postures built around npm-centric tooling — package lockfiles, npm audit, registry monitoring — do not provide coverage across the other four ecosystems.
Second, the cross-ecosystem expansion reflects operational maturity. Publishing 1,700+ packages across five registries while maintaining operational security and avoiding mass takedown requires significant infrastructure and effort, consistent with state-sponsored resourcing.
Socket notes that package registries are responding — npm, PyPI, and crates.io have removed confirmed malicious packages in batches — but the volume of packages and the speed of republication under new names means that removal is a losing race without proactive detection capability.
Who Is at Risk
The primary targets are developers themselves, particularly those working in environments with access to production secrets, cloud infrastructure credentials, or cryptocurrency wallets. Contagious Interview has historically focused on developers in the cryptocurrency, DeFi, and fintech sectors — consistent with UNC1069’s financial motivation — but the expanded ecosystem coverage suggests a broader targeting mandate.
Organisations at elevated risk include:
- Teams using Go or Rust for cloud infrastructure tooling (common in DevOps and platform engineering roles)
- PHP-based web development shops, where Packagist is the primary dependency manager
- CI/CD pipelines that run `go get`, `cargo add`, `composer install`, or `pip install` in contexts with access to production credentials or deployment tokens
Developer machines are also at risk, not just automated pipelines — the Contagious Interview operation specifically targets developers during the package evaluation phase, when they might install and test a new library manually.
Recommended Actions
- Audit dependencies across all five ecosystems now. Run `npm audit`, `pip-audit`, `govulncheck`, `cargo audit`, and `composer audit` against your current dependency trees. These tools query vulnerability advisory databases, so a malicious package is flagged only once it has been reported; treat a clean audit as necessary, not sufficient. Compare installed packages against your team's approved dependency list: any package not explicitly approved warrants review.
- Enable registry security features. npm supports package provenance attestations for verified publishers; prefer packages with provenance where available. PyPI supports trusted publishing and 2FA enforcement for maintainer accounts. Provenance tells you who built a package, not whether it is benign, so it complements rather than replaces an allowlist.
- Restrict `postinstall` and lifecycle hook execution in CI. In npm, `--ignore-scripts` (for example `npm ci --ignore-scripts`, or `ignore-scripts=true` in the project `.npmrc`) prevents lifecycle hook execution during package installation. Evaluate whether your build process requires these hooks; if not, disable them at the pipeline level. The other ecosystems differ: pip runs `setup.py` when it builds a source distribution, so prefer wheels (`--only-binary=:all:`); Composer accepts `--no-scripts` and `--no-plugins`; Cargo runs `build.rs` and procedural macros at build time and offers no switch to disable them; Go runs no package-supplied code while fetching or compiling a module, so a malicious Go module executes only when the imported code is called. Disabling hooks narrows the install-time window but does not neutralise a package whose malicious code runs when it is imported.
- Apply least privilege to CI/CD credentials. Build environments should hold only the minimum credentials required for their specific task. Production deployment keys, cloud provider tokens, and secret manager access should not be present in environments running dependency installation steps.
- Monitor for WAVESHAPER.V2 indicators. Socket has published IOCs including C2 domain patterns and file hashes for WAVESHAPER.V2 payloads. Configure endpoint detection rules and egress monitoring for known C2 infrastructure.
- Implement a dependency allowlist. In environments with well-defined dependency sets, enforce an explicit allowlist that blocks installation of any package not on the approved list — regardless of whether it appears malicious in static analysis.
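The allowlist and install-hook recommendations above can be enforced with a small lockfile check before `npm ci` runs. The script below is an added example, not Socket's tooling or anything from the campaign: it parses an npm `package-lock.json` (lockfileVersion 2 or 3, where the `packages` map records each installed path's `version`, `resolved` URL and, when the package declares a lifecycle hook, `hasInstallScript: true`) and reports packages missing from the allowlist, versions that drifted from the approved pins, names within edit distance 2 of a watched popular package (or a scoped copy of one), packages that run install hooks, and tarballs resolved from somewhere other than the official registry. The embedded lockfile, the allowlist, the watched-name list and the package name `axois` are all constructed for illustration; `axois` is not a known malicious package.

```python
"""Allowlist, lookalike and install-hook check over an npm package-lock.json.

Added example for this article; assumes the lockfileVersion 2/3 "packages" layout.
"""
import json
import sys

OFFICIAL_REGISTRY = "https://registry.npmjs.org/"

# Constructed sample lockfile (not from a real project): one genuine axios entry with a
# nested dependency, one hypothetical lookalike ("axois") that declares an install hook,
# and one approved package fetched from an unapproved mirror.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app", "lockfileVersion": 3, "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/axios": {"version": "1.6.8",
            "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.8.tgz"},
        "node_modules/axios/node_modules/follow-redirects": {"version": "1.15.6",
            "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.6.tgz"},
        "node_modules/axois": {"version": "1.6.8", "hasInstallScript": True,
            "resolved": "https://registry.npmjs.org/axois/-/axois-1.6.8.tgz"},
        "node_modules/lodash": {"version": "4.17.21",
            "resolved": "https://mirror.example.internal/lodash/-/lodash-4.17.21.tgz"},
    },
})

# Assumed policy: approved package -> approved versions; popular names worth watching.
ALLOWLIST = {"axios": {"1.6.8"}, "follow-redirects": {"1.15.6"}, "lodash": {"4.17.21"}}
WATCHED = ["axios", "lodash", "express", "react"]


def package_name(install_path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b' (text after the last node_modules/)."""
    return install_path.rsplit("node_modules/", 1)[1]


def edit_distance(a, b):
    """Plain Levenshtein distance (a transposition such as axois/axios costs 2)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name, watched=WATCHED):
    """Return the watched name this package resembles, or None.

    The scope is dropped before comparing so '@evil/axios' is flagged as a copy of
    'axios'; the genuine unscoped name itself is never flagged.
    """
    base = name.split("/")[-1]
    for w in watched:
        if name != w and edit_distance(base, w) <= 2:
            return w
    return None


def check_lock(lock_json, allowlist=ALLOWLIST, watched=WATCHED):
    """Return (kind, name, version, detail) findings for every installed package."""
    lock = json.loads(lock_json)
    findings = []
    for path, entry in lock["packages"].items():
        if path == "":  # the root project entry, not a dependency
            continue
        name, version = package_name(path), entry.get("version", "?")
        if name not in allowlist:
            findings.append(("not-allowlisted", name, version, "absent from approved list"))
        elif version not in allowlist[name]:
            findings.append(("version-drift", name, version,
                             "approved: " + ", ".join(sorted(allowlist[name]))))
        w = lookalike_of(name, watched)
        if w:
            findings.append(("lookalike", name, version, "resembles " + w))
        if entry.get("hasInstallScript"):
            findings.append(("install-script", name, version, "declares a lifecycle hook"))
        resolved = entry.get("resolved", "")
        if resolved and not resolved.startswith(OFFICIAL_REGISTRY):
            findings.append(("off-registry", name, version, resolved))
    return findings


def main(argv):
    """Check a real lockfile given on the command line, or the embedded sample."""
    lock_json = open(argv[1]).read() if len(argv) > 1 else SAMPLE_LOCK
    findings = check_lock(lock_json)
    for kind, name, version, detail in findings:
        print(f"{kind:16} {name}@{version}: {detail}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as a CI step before installation (`python check_lock.py package-lock.json`) and fail the job on a non-zero exit; the `hasInstallScript` finding is the one to cross-check against the `--ignore-scripts` policy, since it tells you which packages would have run code at install time. Equivalent checks for the other four ecosystems read `poetry.lock`/`requirements.txt` hashes, `go.sum`, `Cargo.lock` and `composer.lock` respectively; the name and registry logic carries over unchanged.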