PULSE NAME
Popular Development Framework Neutralinojs Compromised In DPRK Attack
WHITE PetrP.73 2026-04-02 Modified: 2026-04-02
The Neutralinojs framework was compromised by North Korean (DPRK) threat actors in March 2026 through a sophisticated attack employing stolen GitHub credentials. The breach involved force-pushing malicious commits across four separate repositories. The commits were designed to blend in with the legitimate code history: their timestamps were backdated by between 5 and 35 days. This tactic allowed the malicious code to go undetected for approximately three days after its deployment.
Indicators of Compromise (2 / 6 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA256 904afe0337fbbd79def403b3204f75b4c5fbe4e2271252d22c0307f9cbd14646 2026-04-02
FileHash-SHA256 a507b74b6b1e25444c586bc67ae0244cba3037f2b39f25f7eb507ded97c373c1 2026-04-02