Google said it detected signs that hackers linked to North Korea tried to steal user login credentials by planting malicious code in an open-source software update.
According to Google on the 31st (local time), the hackers inserted malicious code during an update to the open-source program Axios, which handles communication between apps and web services. The software is a core component responsible for data transmission and is used across a wide range of systems.
Security experts warned that if the malicious code gains system access privileges, it could lead not only to credential theft but also to additional data leaks. In fact, versions of the attack code targeting the major operating systems, including Mac, Windows, and Linux, were confirmed to have been developed together.
Cybersecurity firms assessed the attack as an attempt to secure a path into millions of systems. However, how many times the program containing the malicious code was downloaded has not yet been confirmed.
The problematic code was found and removed within a day, but the possibility remains that it had already affected some systems.
Google identified the North Korea-linked hacking group UNC1069 as being behind the attack. The group is believed to have been active since 2018 and is known to have targeted the cryptocurrency and financial sectors as primary victims.
Google said North Korean hackers are continually attempting software supply chain attacks and cryptocurrency theft to evade sanctions and secure funds.