Executive Summary
Socket reports 162 malicious release artifacts across 108 packages and extensions, with hidden JavaScript loaders targeting developer environments across four ecosystems. [1]
This is a campaign-level source-of-truth post, not one post per package. Socket links the activity to the broader North Korean Contagious Interview / Famous Chollima cluster; Halting Problems preserves that source wording and does not independently strengthen attribution. Socket reports traces in 80 Go modules, 10 Packagist packages, one Chrome extension, and additional npm artifacts, with 162 malicious releases across 108 packages/extensions. [1]