Popular Development Framework Neutralinojs Compromised In DPRK Attack

2026-03-06 OSM

https://opensourcemalware.com/blog/neutralinojs-compromise


OpenSourceMalware reports that DPRK threat actors compromised four Neutralinojs GitHub organization repositories in a 132-second automated burst on March 2, 2026. The attacker used the alphagamer7 account to force-push backdated malicious commits, spoof maintainer or github-actions[bot] identities, and hide obfuscated JavaScript after whitespace in files such as spec/runner.js, src/constants.js, babel.config.js, and .env-backed configuration. The activity is tied by the source to a broader DPRK campaign against open-source maintainers, with the final payload described as the latest BeaverTail malware associated with Contagious Interview operations. The compromise is significant because Neutralinojs has thousands of users, and poisoned upstream repositories can spread infostealer and backdoor code to developers and dependent projects before maintainers notice the history manipulation.
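A defender-side check for the whitespace-hiding technique described above, as an added example that is not code from OpenSourceMalware or the Neutralinojs project. The 80-character threshold, the function names and the sample line are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Assumption: a run of 80+ spaces/tabs followed by more text on the same line
# is enough to push that text past the visible width of most editors and diffs.
MIN_PAD = 80
PAD_RE = re.compile(r"[ \t]{%d,}(?=\S)" % MIN_PAD)

def find_padded_code(text):
    """Return (line_no, column, preview) for content placed after a long whitespace run."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = PAD_RE.search(line)
        if m:
            hits.append((line_no, m.end() + 1, line[m.end():][:60]))
    return hits

def scan_tree(root):
    """Scan JavaScript and .env* files under root, skipping the .git directory."""
    findings = {}
    for path in Path(root).rglob("*"):
        if ".git" in path.parts or not path.is_file():
            continue
        if path.suffix == ".js" or path.name.startswith(".env"):
            hits = find_padded_code(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings

# Constructed sample: a harmless comment stands in for the hidden payload.
SAMPLE = (
    "module.exports = {\n"
    "  presets: ['@babel/preset-env'],\n"
    "};" + " " * 300 + "/* constructed stand-in for hidden code */ void 0;\n"
)

if __name__ == "__main__":
    if len(sys.argv) > 1:
        for name, hits in scan_tree(sys.argv[1]).items():
            for line_no, col, preview in hits:
                print(f"{name}:{line_no}:{col}: {preview}")
    else:
        print(find_padded_code(SAMPLE))
```

Run it against a checkout with the repository path as the only argument; a hit is a prompt to inspect the full line, since minified or generated files can also contain long padding.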

Indicators of Compromise

