A Graphalgo campaign, linked to North Korea, is reportedly using fake job offers to trick developers into running projects infected with malware. The scam is distributed through npm and PyPI packages.