CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Malicious npm packages targeting Windows, macOS, and Linux systems

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Ten malicious npm packages were discovered that deliver an information stealer targeting Windows, macOS, and Linux systems. The packages, uploaded to the npm registry on July 4, 2025, have collectively accumulated over 9,900 downloads. The malware uses multiple layers of obfuscation and a fake CAPTCHA to evade detection and harvests credentials from system keyrings, browsers, and authentication services. The packages are still available on npm despite being reported to npm. The attack aims to steal sensitive information, including credentials and session cookies, which can provide unauthorized access to corporate resources.

Timeline

  1. 29.10.2025 10:34 2 articles · 12d ago

    Malicious npm packages targeting Windows, macOS, and Linux systems discovered

    The packages are still available on npm despite being reported to npm. The packages use typosquatting to lure users into downloading them. The postinstall script executes 'app.js' outside the visible install log and clears the window immediately to evade detection. The script sends the victim's geolocation and system fingerprint information to the attacker's C2 server. The information stealer targets system keyrings such as Windows Credential Manager, macOS Keychain, Linux SecretService, libsecret, and KWallet. The information stealer seeks SSH keys in common directories and attempts to locate and steal OAuth, JWT, and other API tokens.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

PhantomRaven npm credential harvesting campaign leverages invisible dependencies

An ongoing npm credential harvesting campaign dubbed PhantomRaven has been active since August 2025. The malware steals npm tokens, GitHub credentials, and CI/CD secrets from developers worldwide. At least 126 npm packages have been infected, resulting in over 86,000 downloads. The attack uses Remote Dynamic Dependencies (RDD) to hide malicious code in externally hosted packages, evading npm security scans. The campaign exploits AI hallucinations to create plausible-sounding package names, a technique known as slopsquatting. As of October 30, 2025, the attacker-controlled URL can serve any kind of malware, initially serving harmless code before pushing a malicious version. The malware scans the developer environment for email addresses and gathers information about the CI/CD environment. The npm ecosystem allows easy publishing and low friction for packages, with lifecycle scripts executing arbitrary code at install time. As of October 29, 2025, at least 80 of the infected packages remain active.

Open in new tab

Rhadamanthys Stealer Adds Device Fingerprinting, PNG Steganography Payloads

Rhadamanthys Stealer, a popular information stealer, has been updated to include device and web browser fingerprinting capabilities. The malware now uses PNG steganography to conceal its payloads. The threat actor behind Rhadamanthys has also advertised two additional tools, Elysium Proxy Bot and Crypt Service, on their website. The stealer's current version is 0.9.2, and it is available under a malware-as-a-service (MaaS) model with tiered pricing packages. The threat actor has rebranded themselves as "RHAD security" and "Mythical Origin Labs," indicating a long-term business venture. The stealer's capabilities have evolved significantly, posing a comprehensive threat to personal and corporate security. The latest updates include enhanced obfuscation techniques, environment checks, and a Lua runner for additional plugins.

Open in new tab

Malicious 'postmark-mcp' npm package exfiltrated user emails

An unofficial npm package named 'postmark-mcp' silently stole users' emails after a malicious update. The package, which mimicked the official 'postmark-mcp' project, added a line of code in version 1.0.16 to exfiltrate email communications to an external address. The malicious version was available for a week and recorded around 1,643 downloads, potentially exposing sensitive information. The package was used to interface AI assistants with the Postmark email delivery platform, allowing them to send emails on behalf of users or apps. The malicious functionality could have exposed personal communications, password reset requests, two-factor authentication codes, financial information, and customer details. Users who downloaded the package are advised to remove it immediately, rotate potentially exposed credentials, and audit all MCP servers in use. The malicious package was deleted by the developer 'phanpak' after being contacted, who maintains 31 other packages on npm. Researchers at Koi Security discovered the malicious package, which contained a single line of code that BCC'd all emails to the threat actor. The risk could be widespread, with some 1,500 organizations potentially downloading the malicious package. The developer removed the malicious package from npm after being contacted by Koi Security.

Open in new tab

Malicious nx Packages Exfiltrate Credentials in 's1ngularity' Supply Chain Attack

The Shai-Hulud attack, a self-replicating malware, has compromised at least 187 npm packages, affecting multiple maintainers. The attack uses a self-propagating mechanism to infect other packages by the same maintainer, modifying package.json, injecting a bundle.js script, repacking the archive, and republishing it. The malware uses TruffleHog to search the host for tokens and cloud credentials, creating unauthorized GitHub Actions workflows within repositories and exfiltrating sensitive data to a hardcoded webhook endpoint. The attack is named 'Shai-Hulud' after the shai-hulud.yaml workflow files used by the malware and follows the 's1ngularity' attack, potentially orchestrated by the same attackers. The attack unfolded in three phases, impacting 2,180 accounts and 7,200 repositories. The first phase, between August 26 and 27, directly impacted 1,700 users, leaking over 2,000 unique secrets and exposing 20,000 files. The second phase, between August 28 and 29, compromised an additional 480 accounts, mostly organizations, and exposed 6,700 private repositories. The third phase, beginning on August 31, targeted a single victim organization, publishing an additional 500 private repositories. The attackers used AI-powered CLI tools like Claude, Q, and Gemini to dynamically scan for high-value secrets, tuning the prompts for better success. The Shai-Hulud worm emerged just days after a broad phishing campaign that spoofed NPM and asked developers to update their multi-factor authentication login options. The Shai-Hulud worm was first detected on September 14, 2025, around 17:58 UTC. The Shai-Hulud worm briefly compromised at least 25 NPM code packages managed by CrowdStrike. The Shai-Hulud worm spreads by using stolen NPM authentication tokens, adding its code to the top 20 packages in the victim’s account. The Shai-Hulud worm deliberately skips Windows systems, assuming the victim is working in a Linux or macOS environment. The Shai-Hulud worm uses the open-source tool TruffleHog to search for exposed credentials and access tokens on the developer’s machine. The Shai-Hulud worm attempts to create new GitHub actions and publish any stolen secrets. The Shai-Hulud worm's spread seems to have waned in recent hours but could restart if a new victim is infected. The web address used by the attackers to exfiltrate collected data was disabled due to rate limits. The Shai-Hulud worm is still propagating, although its spread has slowed down. The Shai-Hulud worm can lay dormant and restart the spread if a new victim is infected. The Shai-Hulud worm's spread could be significantly reduced by implementing a publication model that requires explicit human consent for every publication request using a phish-proof 2FA method.

Open in new tab

UNC5518 Access-as-a-Service Campaign via ClickFix and Fake CAPTCHA Pages

The ClickFix malware campaign has evolved to include multi-OS support and video tutorials that guide victims through the self-infection process. The campaign, which uses fake Cloudflare CAPTCHA pages and malicious PowerShell scripts, has been observed deploying various payloads, including information stealers and backdoors. The FileFix attack, a variant of the ClickFix family, impersonates Meta account suspension warnings to trick users into installing the StealC infostealer malware. The campaign has evolved over two weeks with different payloads, domains, and lures, indicating an attacker testing and adapting their infrastructure. The FileFix technique, created by red team researcher mr. d0x, uses the address bar in File Explorer to execute malicious commands. The campaign employs steganography to hide a second-stage PowerShell script and encrypted executables inside a JPG image, which is believed to be AI-generated. The StealC malware targets credentials from various applications, cryptocurrency wallets, and cloud services, and can take screenshots of the active desktop. The FileFix attack uses a multilingual phishing site to trick users into executing a malicious command via the File Explorer address bar. The attack leverages Bitbucket to host the malicious components, abusing a legitimate source code hosting platform to bypass detection. The attack involves a multi-stage PowerShell script that downloads an image, decodes it into the next-stage payload, and runs a Go-based loader to launch StealC. The attack uses advanced obfuscation techniques, including junk code and fragmentation, to hinder analysis efforts. The FileFix attack is more likely to be detected by security products due to the payload being executed by the web browser used by the victim. The FileFix attack demonstrates significant investment in tradecraft, with carefully engineered phishing infrastructure, payload delivery, and supporting elements to maximize evasion and impact. The MetaStealer attack, a variant of the ClickFix family, uses a fake Cloudflare Turnstile lure and an MSI package disguised as a PDF to deploy the MetaStealer infostealer malware. The attack involves a multi-stage infection chain that includes a DLL sideloading technique using a legitimate SentinelOne executable. The MetaStealer attack targets crypto wallets and other sensitive information, using a combination of social engineering and technical evasion techniques to deploy malware. Previously, threat actors tracked as UNC5518 leveraged a social engineering tactic called ClickFix to deploy the CORNFLAKE.V3 backdoor. The campaign used fake CAPTCHA pages to trick users into executing malicious PowerShell scripts, providing initial access to systems. This access was then monetized by other threat groups, including UNC5774 and UNC4108, which deployed additional payloads. The attack began with users interacting with compromised search results or malicious ads, leading them to fake CAPTCHA pages. Users were then tricked into running a malicious PowerShell command, which downloaded and executed the CORNFLAKE.V3 backdoor. This backdoor supported various payload types and could collect system information, which was transmitted via Cloudflare tunnels to evade detection. CORNFLAKE.V3 is an updated version of CORNFLAKE.V2, featuring host persistence and additional payload support. The campaign also involved the deployment of WINDYTWIST.SEA, a backdoor that supports lateral movement within infected networks.

Open in new tab