MUT-1244 malicious npm campaign targeting developers

Campaign

First reported

18.08.2025 13:56

Last updated

18.08.2025 13:56

Happening score

H score 39

1 unique sources, 1 articles

Summary

Hide ▲

The MUT-1244 operation is targeting developers and the cybersecurity community with booby-trapped npm lures that can steal credentials and wallet data, turning routine package review into a data-theft and mining risk.

Timeline

18.08.2025 13:56 1 articles · 9mo ago

MUT-1244 targets developers with booby-trapped npm lures

Initial Disclosure
In recent months, threat actors tracked as MUT-1244 have targeted developers and the cybersecurity community under a job-assessment pretext, steering them to clone a booby-trapped GitHub repository and install malicious npm packages that can steal iCloud Keychain, web browser, and cryptocurrency wallet data, exfiltrate it to an external server or Dropbox, and also download Python scripts, harvest credentials, log keystrokes, take screenshots, and monitor clipboard content.
Show sources

Malicious PyPI and npm Packages Discovered Exploiting Dependencies in Supply Chain Attacks — thehackernews.com — 18.08.2025 13:56
Open in new tab

Summary

Timeline

MUT-1244 targets developers with booby-trapped npm lures