{"id":232508,"date":"2026-04-08T08:26:00","date_gmt":"2026-04-08T12:26:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/08\/social-engineering-attacks-on-open-source-developers-are-escalating\/"},"modified":"2026-04-08T10:30:12","modified_gmt":"2026-04-08T14:30:12","slug":"social-engineering-attacks-on-open-source-developers-are-escalating","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/08\/social-engineering-attacks-on-open-source-developers-are-escalating\/","title":{"rendered":"Social engineering attacks on open source developers are escalating"},"content":{"rendered":"<p><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/04\/08\/social-engineering-open-source-developers\/\">Social engineering attacks on open source developers are escalating<\/a><\/p>\n<p><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/04\/08\/social-engineering-open-source-developers\/\">https:\/\/www.helpnetsecurity.com\/2026\/04\/08\/social-engineering-open-source-developers\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-08 08:26:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.helpnetsecurity.com\">www.helpnetsecurity.com<\/a><\/p>\n<p>North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posing as a software update. They used the access they gained to inject malware into npm packages downloaded 100+ million times a week. 
<\/p>\n<p>Now, a fresh Open Source Security Foundation (OpenSSF) advisory warns that unknown attackers are using a similar approach to target other open source developers.<\/p>\n<h3>The Axios attack was not isolated<\/h3>\n<p>In the wake of the high-profile Axios compromise, Socket researchers learned that the same attack campaign targeted many other open source maintainers \u2013 particularly those managing Node.js and npm \u2013 as well as several Socket engineers.<\/p>\n<p>The attackers reached out via LinkedIn or Slack, posing as company owners\/representatives, job recruiters, or podcast hosts, and tried to lure developers into downloading malware masquerading as a videoconferencing software update \/ fix.<\/p>\n<p>\u201cThe attackers used a spoofed Streamyard platform to trick Pelle Wessman, a maintainer of Mocha, into downloading a virus. Another expert, Matteo Collina, nearly fell for a Slack message on 2 April, while others like Scott Motte (creator of dotenv) and John-David Dalton (creator of Lodash) were also targeted,\u201d Socket\u2019s Deeba Ahmed shared. 
<\/p>\n<p>\u201cThey even went after Socket CEO Feross Aboukhadijeh, the creator of WebTorrent and buffer, who noted that this type of targeting is becoming the \u2018new normal.&#8217;\u201d<\/p>\n<h3>Now someone is impersonating a Linux Foundation leader<\/h3>\n<p>Christopher Robinson, OpenSSF\u2019s Chief Technology Officer and Chief Security Architect, warns that attackers are currently also impersonating a well-known Linux Foundation community leader and attempting to lure the victim into following a malicious link.<\/p>\n<p>\u201cThe community has received reports of an active social engineering campaign targeting open source developers via Slack (including ToDoGroup&#8230;<\/p>\n<p><a href=\"https:\/\/www.helpnetsecurity.com\/2026\/04\/08\/social-engineering-open-source-developers\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Social engineering attacks on open source developers are escalating https:\/\/www.helpnetsecurity.com\/2026\/04\/08\/social-engineering-open-source-developers\/ Publish Date: 2026-04-08 08:26:00 
Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":232509,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/img.helpnetsecurity.com\/wp-content\/uploads\/2024\/04\/16103725\/open-source_1500.webp","fifu_image_alt":"","footnotes":""},"categories":[48],"tags":[71,32,57],"class_list":["post-232508","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-linux","tag-linux","tag-malware","tag-security"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232508"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=232508"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232508\/revisions"}],"predecessor-version":[{"id":232510,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/232508\/revisions\/232510"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/232509"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=232508"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=232508"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=232508"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}