Threats Tagged 'npm packages'

A sophisticated supply chain campaign targeting the open source developer ecosystem has emerged, compromising NPM packages in the @antv namespace, GitHub Actions including actions-cool/issues-helper, and the VSCode extension nrwl.angular-console. The malware initiates multi-stage infection chains using GitHub-hosted infrastructure and orphaned commits to deploy payloads via bun. It harvests extensive credentials including GitHub tokens, SSH keys, cloud credentials, and browser secrets, exfiltrating data through attacker-controlled public GitHub repositories. The campaign establishes persistence through a Python backdoor that polls GitHub for signed commands containing specific trigger strings, enabling remote code execution. Infrastructure analysis and operational patterns indicate moderate confidence attribution to the threat actor TeamPCP.

A supply chain operation dubbed 'Mini Shai Hulud' compromised SAP-related npm packages by injecting malicious preinstall scripts that execute during installation. The campaign leverages multi-stage payloads to harvest developer and CI/CD secrets from GitHub, npm, and major cloud providers, exfiltrating data via attacker-controlled GitHub repositories. Malicious versions of legitimate SAP ecosystem packages execute obfuscated payloads that collect GitHub tokens, npm credentials, cloud secrets from AWS, Azure and GCP, Kubernetes tokens, and GitHub Actions secrets. The malware includes propagation logic to infect additional repositories and features browser credential theft capabilities. It performs language checks to avoid Russian-speaking systems. Attribution points to TeamPCP based on shared RSA public keys and overlapping techniques from previous operations.

The npm ecosystem experienced a critical shift in September 2025 with the Shai-Hulud worm, marking the transition from isolated attacks to systematic supply chain compromises. In April 2026, TeamPCP launched a coordinated campaign through a malicious @bitwarden/cli package targeting multiple distribution channels including Docker Hub, GitHub Actions, and VS Code extensions. The multi-stage payload employs advanced obfuscation, harvests credentials from cloud providers and developer workstations, exfiltrates data through encrypted HTTPS and GitHub repositories, and self-propagates by backdooring npm packages using stolen tokens. The malware implements GitHub's search API as a resilient command-and-control fallback mechanism and features anti-detection measures including Russian locale killswitches. This represents an evolution toward wormable propagation, infrastructure-level persistence, and dormant payloads that activate under specific conditions.

A sophisticated fake recruitment campaign named 'graphalgo' has been active since May 2025, targeting JavaScript and Python developers in the cryptocurrency sector. Attackers approach victims through LinkedIn, Facebook, and Reddit with fabricated job opportunities from fake blockchain companies like Veltrix Capital. The campaign uses malicious dependencies hidden in npm and PyPI packages, delivered through coding test repositories on GitHub. Notable is the bigmathutils package that accumulated over 10,000 downloads before its malicious version was released. The operation deploys a remote access trojan (RAT) with token-protected C2 communication, file manipulation capabilities, and functionality to detect the Metamask browser extension, indicating focus on cryptocurrency theft. The modular campaign design allows threat actors to maintain backend infrastructure while easily replacing compromised frontend elements.