Threats Tagged 'supply-chain'
All threats tagged 'supply-chain', newest first.
Four published versions of a fake "tanstack" package uploaded in 27 minutes that want to steal your .env files
An attacker registered the unscoped 'tanstack' name on npm and published four malicious versions (2.0.4 through 2.0.7) within 27 minutes on April 29, 2026, trading on name confusion with the legitimate @tanstack organization, which publishes widely used JavaScript libraries. Each version carried a postinstall hook that ran automatically during npm install and exfiltrated environment files, harvesting AWS keys, API tokens, database credentials, and OAuth secrets from .env files and posting them to an attacker-controlled Svix webhook endpoint. Version 2.0.6 was the most aggressive, sweeping every .env variant in the working directory. The version history shows the attacker debugging live, iteratively refining the payload's targeting and stealth while the package stayed publicly available at roughly 19,830 monthly downloads.
Source: AlienVault OTX General | 05/05/2026, 14:29:39 UTC | Added: 05/05/2026, 16:21:40 UTC

ClickFix campaign uses fake macOS utilities lures to deliver infostealers
Related: CVE-2026-31431
Threat actors are using ClickFix-style social engineering to distribute infostealers to macOS users through fake system-utility lures. The attackers host malicious Terminal commands on blog sites and content platforms, presented as troubleshooting advice for common macOS problems. When a user pastes and runs the command, it downloads infostealers including Macsync, Shub Stealer, and AMOS, which exfiltrate browser credentials, cryptocurrency wallets, iCloud data, Keychain entries, and media files. Because the payload is fetched and executed by a script the user runs in Terminal, it sidesteps the Gatekeeper checks that apply to downloaded applications. Three distinct campaigns use different tradecraft; some replace legitimate cryptocurrency wallet applications with trojanized versions and establish persistence through LaunchAgents and LaunchDaemons named to look like legitimate services.
Source: AlienVault OTX General | 05/06/2026, 19:35:00 UTC | Added: 05/04/2026, 14:36:50 UTC

Tracking an OtterCookie Infostealer Campaign Across npm
Between April 6 and 9, 2026, multiple obfuscated malicious npm packages were identified as variants of the OtterCookie infostealer attributed to North Korean threat actors. The campaign uses a two-layer distribution strategy: benign-looking wrapper packages clone legitimate libraries such as big.js while declaring a malicious dependency that carries the actual payload. Five malicious packages were identified, each containing obfuscated JavaScript executed via a postinstall hook. The toolchain steals credentials and files, including Solana wallets and environment configurations, and exfiltrates them to Vercel-hosted C2 infrastructure. On Linux it establishes persistence by installing an SSH backdoor. The infrastructure overlaps with documented OtterCookie operations and connects to broader DPRK campaigns including Contagious Interview and Contagious Trader, showing the continued evolution of North Korean software supply chain attacks against developers.
Source: AlienVault OTX General | 04/13/2026, 15:03:02 UTC | Added: 04/13/2026, 15:31:50 UTC

Supply-Chain Compromise of axios npm Package
A coordinated supply chain attack targeted the axios npm package, compromising two versions (1.14.1 and 0.30.4) by injecting a malicious dependency. The attack delivered a cross-platform Remote Access Trojan to macOS, Windows, and Linux systems. The versions were published through the lead maintainer's npm account, bypassing the project's normal publishing workflow. The payload performed system reconnaissance, established persistence on Windows, and provided remote access. Numerous organizations were affected and sensitive credentials were potentially exposed. Immediate mitigation steps: pin to known-safe versions, remove the malicious dependency from lockfiles and node_modules, rotate any credentials present on affected hosts, and block the command and control server.
Source: AlienVault OTX General | 03/31/2026, 16:35:35 UTC | Added: 03/31/2026, 18:38:16 UTC

SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains
An active supply chain worm campaign, dubbed SANDWORM_MODE, is spreading through typosquatting and AI toolchain poisoning across at least 19 malicious npm packages. The worm shows Shai-Hulud characteristics: exfiltration through the GitHub API with a DNS fallback, hook-based persistence, SSH propagation, and MCP server injection aimed at AI coding assistants. It harvests credentials from developer and CI environments, exfiltrates them over multiple channels, and uses the stolen identities to propagate further. The campaign also ships a weaponized GitHub Action for harvesting CI secrets. The worm uses a multi-stage design with obfuscated loaders, time-gated execution, and extensive configuration options, and targets high-traffic developer utilities, crypto tooling, and AI coding tools.
Source: AlienVault OTX General | 02/23/2026, 10:04:22 UTC | Added: 02/23/2026, 10:16:19 UTC

Notepad++ supply chain attack breakdown
The article details a supply chain attack on Notepad++ that ran from July to October 2025. Attackers compromised the update infrastructure and delivered a variety of payloads through three distinct infection chains, targeting individuals and organizations in Vietnam, El Salvador, Australia, and the Philippines. The infection methods evolved over time, moving through NSIS installers, Metasploit downloaders, and Cobalt Strike Beacons, and the attackers evaded detection by abusing legitimate software and spreading traffic across multiple C2 servers. The article gives a full timeline, describes each execution chain, and offers guidance on detecting traces of the attack.
Source: AlienVault OTX General | 02/03/2026, 12:08:18 UTC | Added: 02/03/2026, 16:15:08 UTC

Malicious NPM Packages Deliver NodeCordRAT
Three malicious npm packages discovered in November 2025 were built to deliver and install a new RAT family named NodeCordRAT. The packages, bitcoin-main-lib, bitcoin-lib-js, and bip40, mimicked legitimate Bitcoin-related libraries to deceive developers. NodeCordRAT uses Discord for command-and-control and targets Chrome credentials, sensitive secrets, and MetaMask data. It fingerprints the host, executes shell commands, captures screenshots, and exfiltrates data. The packages relied on name mimicry rather than any software flaw, which is why package vetting matters. They have been removed from npm, but the incident is another reminder of ongoing threats in the software development ecosystem.
Source: AlienVault OTX General | 01/08/2026, 11:41:07 UTC | Added: 01/08/2026, 12:35:14 UTC

Malicious VSCode Extension Launches Multi-Stage Attack Chain with Anivia Loader and OctoRAT
A malicious Visual Studio Code extension named 'prettier-vscode-plus' was discovered on the official VSCode Marketplace, impersonating the legitimate Prettier formatter. The extension was the entry point for a multi-stage malware chain that begins with the Anivia loader, which decrypts and executes further payloads in memory. The final stage, OctoRAT, is a full remote access toolkit with over 70 commands covering surveillance, file theft, remote desktop control, persistence, privilege escalation, and harassment. The chain uses AES encryption, process hollowing, and a UAC bypass. The threat actor's GitHub repository showed active payload rotation to evade detection. The case illustrates how trusted developer tooling is being abused as a supply-chain entry point.
Source: AlienVault OTX General | 12/04/2025, 10:32:22 UTC | Added: 12/04/2025, 11:05:00 UTC

Malicious package with AdaptixC2 framework agent found in npm registry
A malicious npm package named 'https-proxy-utils' was discovered carrying a post-install script that downloads and executes the AdaptixC2 post-exploitation framework agent. The package impersonated legitimate utilities and cloned their functionality to evade detection, and it targets Windows, Linux, and macOS with OS-specific payload delivery. Once installed, the AdaptixC2 agent provides remote access, command execution, and persistence. No confirmed exploitation in the wild has been reported yet, but the threat remains active and multi-platform. The infrastructure is hosted on the domain cloudcenter[.]top, which serves payloads for the different OS architectures. European organizations that rely on npm packages for development or deployment are at risk, particularly those with mixed OS environments. Mitigation requires vetting packages before installation, monitoring for suspicious post-install scripts, and network controls that block the malicious domain.
Source: AlienVault OTX General | 10/17/2025, 11:53:04 UTC | Added: 10/17/2025, 16:01:39 UTC

Self-replicating Shai-hulud worm spreads token stealing malware on npm
A self-replicating worm named Shai-hulud has been detected on the npm registry, spreading through compromised developer accounts and injecting malicious code into legitimate packages. It steals cloud service tokens, primarily npm, GitHub, AWS, and GCP credentials, and installs TruffleHog to hunt for additional secrets on the host. The compromised packages include popular ones with millions of weekly downloads. The worm auto-spreads using the npm tokens it steals, exfiltrates the stolen tokens, and exposes private repositories. Similarities with previous npm compromises have been noted. The impact is significant, affecting numerous developers and organizations across industries.
Source: AlienVault OTX General | 09/16/2025, 21:37:33 UTC | Added: 09/17/2025, 11:24:53 UTC