This campaign targets the npm ecosystem through typosquatting, where 14 malicious packages impersonate well-known OpenSearch, ElasticSearch, and DevOps libraries. Upon installation, these packages execute malicious code via npm lifecycle hooks to perform a two-stage credential harvesting operation. The malware collects AWS credentials, HashiCorp Vault tokens, GitHub Actions secrets, and npm publish tokens by querying AWS Instance Metadata Service, ECS task metadata, and enumerating AWS Secrets Manager across multiple regions. Two stager variants were observed: an HTTP-based command and control beacon and a stealthier variant abusing the legitimate Bun runtime. The harvested credentials enable attackers to move laterally within cloud environments and conduct downstream supply chain attacks by compromising npm maintainer identities, specifically targeting developers involved with cloud and CI/CD workflows.

The attack compromises sensitive cloud and CI/CD secrets including AWS credentials, Vault tokens, GitHub Actions secrets, and npm publish tokens. This enables attackers to perform lateral movement within cloud environments and potentially compromise additional supply chain components by abusing npm maintainer identities. The malicious packages can lead to unauthorized access and control over cloud infrastructure and developer workflows, increasing the risk of further downstream attacks.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until official fixes or removals are available, developers should avoid installing suspicious or typosquatted npm packages, verify package names carefully, and use tools that detect typosquatting and malicious packages. Monitoring for unusual activity related to npm tokens and cloud credentials is recommended. Employing least privilege principles for CI/CD secrets and rotating credentials regularly can reduce impact. Refer to the Microsoft security blog linked in the technical details for updated guidance.