PolinRider Confirmed Footprint Grows 6.5x Since March
2026-07-15 • Open Source Malware •
https://opensourcemalware.com/blog/polinrider-blast-radius-grows
OpenSourceMalware identified 2,417 newly compromised repositories in July, bringing PolinRider's confirmed footprint to 4,367 repositories across 2,152 owners—roughly 6.5 times the March count. The source attributes PolinRider to the North Korean Lazarus Group and treats it as a parallel or sub-campaign of Contagious Interview that initially used TasksJacker-stolen credentials. Config-file injection accounted for 93.9% of the new repositories, while malicious JavaScript hidden in `.woff2` font files represented an established secondary vector. More than 90% of affected owners were individual developers, consistent with a campaign that compromises job seekers and propagates through their GitHub accounts.