Active Supply Chain Attack Compromises Packages on npm
An active npm supply chain attack has compromised packages in the @antv ecosystem, involving the maintainer account 'atool'. The attack is part of the Mini Shai-Hulud campaign, which spans 639 compromised package versions across 323 unique packages. Notable affected packages include echarts-for-react, with about 1.1 million weekly downloads, and widely used @antv data visualization packages. The malware is delivered as obfuscated install-time payloads (npm lifecycle scripts that run during package installation) that harvest developer credentials, GitHub tokens, npm tokens, AWS credentials, and other secrets from development and CI/CD environments. Stolen data is encrypted with AES-256-GCM and exfiltrated to a command-and-control server, with GitHub repositories used as a fallback channel. The malware also contains worm-like functionality: it republishes compromised packages under whatever npm publish rights the stolen tokens grant, and so propagates through the npm ecosystem.
AI Analysis
Technical Summary
This threat is an active supply chain attack on the npm package ecosystem, specifically packages under the @antv namespace and those tied to the 'atool' maintainer account. The Mini Shai-Hulud campaign compromised 639 package versions across 323 unique packages, including echarts-for-react, which is heavily used. The malicious payloads are obfuscated and execute during package installation, so simply adding an affected version to a project, or letting a CI job install it, is enough to trigger credential harvesting from the developer or CI/CD environment. Stolen data is encrypted with AES-256-GCM before exfiltration, which defeats content inspection of the traffic, and is sent to a command-and-control server with GitHub repositories as a fallback channel. The malware also republishes compromised packages, giving it worm-like spread within the npm ecosystem. Beyond this campaign there is no indication of further exploitation, and no vendor advisory or patch information was available at the time of analysis.
Potential Impact
The attack compromises developer and CI/CD environment credentials, including GitHub tokens, npm tokens, and AWS credentials, potentially allowing attackers to access source code repositories, publish malicious packages, and escalate further within affected environments. The widespread nature of the compromised packages, including one with over one million weekly downloads, increases the risk of downstream impact to users and organizations relying on these packages. The worm-like propagation capability can lead to further contamination of the npm ecosystem.
Mitigation Recommendations
No vendor advisory or patch information was available at the time of analysis; the Socket.dev write-up referenced under Technical Details is the primary source for the current list of compromised versions, and npm and the @antv maintainers should be watched for remediation announcements. Because the payload runs at install time (npm lifecycle scripts), any developer machine or CI runner that installed an affected version should be treated as compromised even if the package has since been removed or replaced. Until clean versions are confirmed: audit lockfiles for @antv packages and echarts-for-react, pin or roll back to versions published before the compromise, and remove or replace the packages where that is not possible; rotate every credential reachable from an affected environment (GitHub tokens, npm tokens, AWS keys and other CI secrets), revoking rather than merely rotating where the provider supports it; review your npm account for package versions you did not publish, since the worm republishes packages with stolen tokens; review your GitHub account for repositories you did not create, since the malware uses GitHub repositories as a fallback exfiltration channel; and block or alert on the indicators listed below. Longer term, run `npm ci --ignore-scripts` in CI where the build does not depend on install scripts, and scope CI secrets so that a dependency install step cannot read deployment credentials.
Indicators of Compromise
- domain: t.m-kosche.com (command-and-control host)
- hash: 1916faa365f2788b6e193514872d51a242876569 (SHA-1 by length; the page does not say which artifact it identifies)
- url: https://t.m-kosche.com:443/api/public/otel/v1/traces (exfiltration endpoint; the path is styled like an OpenTelemetry OTLP/HTTP traces endpoint, so the traffic can pass as telemetry)
Technical Details
- Author: AlienVault
- TLP: white
- References: https://socket.dev/blog/antv-packages-compromised
- Adversary: not specified
- Pulse Id: 6a0c1b289f4fe8b7bdf00a84
- Threat Score: not specified
Threat ID: 6a0ca27cba1db47362b847ea
Added to database: 5/19/2026, 5:48:44 PM
Last enriched: 5/19/2026, 5:49:04 PM
Last updated: 5/20/2026, 7:04:43 AM