Compromised node-ipc npm Package Versions Deploy Stealer Payload via Obfuscated Backdoor
Summary
Three legitimate versions of the widely used node-ipc npm package (9.1.6, 9.2.3, and 12.0.1) were republished with malicious stealer/backdoor code by an unauthorized maintainer account named 'atiertant', triggering on require('node-ipc') and exfiltrating developer and cloud secrets to a rogue C2 server. The attack features novel evasion tactics including DNS-based exfiltration via a fake Azure-themed domain (sh.azurestaticprovider[.]net), conditional payload execution in version 12.0.1, and targeted collection of 90 categories of credentials. This incident follows a prior 2022 protest-related compromise where the original maintainer added destructive capabilities to versions 10.1.1 and 10.1.2 targeting systems in Russia or Belarus, yet node-ipc retains over 690,000 weekly downloads. Security vendors (Socket, Ox Security, Upwind) confirmed the malicious nature of the affected versions, which skip large files and avoid scanning .git and node_modules directories to reduce operational noise.
Timeline
- 14.05.2026 20:22 (2 articles)
Malicious node-ipc Versions 9.1.6, 9.2.3, and 12.0.1 Discovered with Stealer Payload
Security researchers and application security companies (Socket, Ox Security, Upwind) confirmed three compromised versions of node-ipc—9.1.6, 9.2.3, and 12.0.1—containing heavily obfuscated stealer/backdoor behavior. The malicious payload executes automatically on require('node-ipc') and targets over 90 categories of developer and cloud secrets, including AWS, Azure, GCP, OCI, DigitalOcean, SSH keys, Kubernetes, Terraform, npm/GitHub/GitLab tokens, .env files, database credentials, shell histories, CI/CD secrets, macOS Keychain, Linux keyrings, Firefox profiles, Microsoft Teams local storage, and IndexedDB paths. The malware fingerprints infected systems, skips files larger than 4 MiB, avoids scanning .git and node_modules directories, and stores collected data in temporary tar.gz archives that are deleted after exfiltration via DNS TXT queries to the fake Azure-themed domain sh.azurestaticprovider[.]net using query prefixes xh, xd, and xf. Exfiltrating a 500 KB compressed archive could generate roughly 29,400 DNS TXT requests, blending into normal DNS activity. Version 12.0.1 includes a conditional execution gate based on a precomputed SHA-256 hash of the entry module path, while 9.x versions execute on any system loading them. The compromised maintainer account 'atiertant' belonged to an inactive maintainer, and the operation appears focused solely on credential theft without establishing persistence or downloading secondary payloads.
Sources:
- Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets — thehackernews.com — 14.05.2026 20:22
- Popular node-ipc npm package compromised to steal credentials — www.bleepingcomputer.com — 15.05.2026 20:10
Information Snippets
- Three npm package versions of node-ipc (9.1.6, 9.2.3, and 12.0.1) were republished by an unauthorized account named "atiertant" with no prior maintainer history on the package. (First reported 14.05.2026 20:22; sources: thehackernews.com, www.bleepingcomputer.com)
- The malicious payload is appended as an Immediately Invoked Function Expression (IIFE) to node-ipc.cjs and executes unconditionally on every require('node-ipc'). (First reported 14.05.2026 20:22; sources: thehackernews.com, www.bleepingcomputer.com)
- The payload fingerprints the host environment, enumerates and reads local files, compresses the harvested data into a GZIP archive, and exfiltrates credentials and secrets to the domain sh.azurestaticprovider[.]net via HTTPS POST and DNS TXT queries over Google Public DNS. (First reported 14.05.2026 20:22; sources: thehackernews.com, www.bleepingcomputer.com)
- The stealer targets 90 categories of credentials, including AWS, GCP, Azure, SSH keys, Kubernetes tokens, GitHub CLI configs, Terraform state, database passwords, shell history, and IDE settings. (First reported 14.05.2026 20:22; sources: thehackernews.com, www.bleepingcomputer.com)
- Version 12.0.1 includes a conditional gate: payload execution is gated by a SHA-256 hash of the entry module path, making it inert on systems that do not match the attacker's precomputed target. Versions 9.x lack this gate and execute on any system loading them. (First reported 14.05.2026 20:22; sources: thehackernews.com, www.bleepingcomputer.com)
- DNS exfiltration traffic bypasses local DNS logging: the payload overrides the host's configured resolver and sends queries for the C2 domain directly to a public resolver (Google Public DNS at 8.8.8.8, or 1.1.1.1), evading DNS-based detection controls. (First reported 14.05.2026 20:22; sources: thehackernews.com, www.bleepingcomputer.com)
- In March 2022, the original maintainer (riaevangelist) introduced protest payloads in versions 10.1.1 and 10.1.2 that overwrote files on systems in Russia or Belarus, and versions 11.0.0 and 11.1.0 included a "peacenotwar" dependency as a non-violent protest. (First reported 14.05.2026 20:22; source: thehackernews.com)
- The node-ipc package has over 690,000 weekly downloads despite the prior 2022 protest-related compromises in versions 10.1.1, 10.1.2, 11.0.0, and 11.1.0. (First reported 15.05.2026 20:10; source: www.bleepingcomputer.com)
- The malicious payload exfiltrates data via DNS TXT queries to a fake Azure-themed domain (sh.azurestaticprovider[.]net:443) with query prefixes xh, xd, and xf. (First reported 15.05.2026 20:10; source: www.bleepingcomputer.com)
- The malware skips files larger than 4 MiB and avoids scanning .git and node_modules directories to reduce operational noise. (First reported 15.05.2026 20:10; source: www.bleepingcomputer.com)
- The infostealer collects additional secrets, including OCI, DigitalOcean, and Microsoft Teams local storage data. (First reported 15.05.2026 20:10; source: www.bleepingcomputer.com)
- Exfiltrating a 500 KB compressed archive could generate roughly 29,400 DNS TXT requests, blending into normal DNS activity. (First reported 15.05.2026 20:10; source: www.bleepingcomputer.com)
- The malware stores collected data in temporary compressed tar.gz archives, which are deleted after exfiltration to reduce forensic traces. (First reported 15.05.2026 20:10; source: www.bleepingcomputer.com)
- No secondary payloads are downloaded and no persistence is established, indicating a focused credential theft operation. (First reported 15.05.2026 20:10; source: www.bleepingcomputer.com)
- The compromised account 'atiertant' belonged to an inactive maintainer. (First reported 15.05.2026 20:10; source: www.bleepingcomputer.com)
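The DNS TXT exfiltration pattern described in the snippets above, turned into detection logic as an added example that is not code from the article or from the vendors it cites: it parses constructed resolver log lines and flags a client that sends a burst of xh/xd/xf-prefixed TXT queries for the reported domain straight to a public resolver instead of the local one. The log line format, the burst threshold, the resolver list and the assumption that the prefix sits in the first label are assumptions made here.

```javascript
// Added example (not the article's or any vendor's code): heuristic detector for DNS TXT exfiltration.
const KNOWN_C2_DOMAINS = new Set(["sh.azurestaticprovider.net"]); // domain reported on the page
const SUSPECT_PREFIXES = new Set(["xh", "xd", "xf"]);             // query prefixes reported on the page
const PUBLIC_RESOLVERS = new Set(["8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1"]); // local-resolver bypass
const TXT_BURST_THRESHOLD = 25; // assumption: TXT queries per client/domain pair that count as a burst

// Constructed log format (assumption): "<epoch> <client> <resolver> <qtype> <qname>"
function parseLine(line) {
  const f = line.trim().split(/\s+/);
  if (f.length < 5) return null;
  return { client: f[1], resolver: f[2], qtype: f[3], qname: f[4].replace(/\.$/, "").toLowerCase() };
}

// Group TXT queries by client and queried domain. Assumption: the encoded data and its
// xh/xd/xf prefix sit in the first label, so the domain is everything after it.
function analyze(lines) {
  const groups = new Map();
  for (const line of lines) {
    const q = parseLine(line);
    if (!q || q.qtype !== "TXT") continue;
    const labels = q.qname.split(".");
    const first = labels[0];
    const domain = labels.slice(1).join(".");
    const key = `${q.client} ${domain}`;
    const g = groups.get(key) || { client: q.client, domain, txt: 0, prefixHits: 0, bypass: 0, dataBytes: 0 };
    g.txt += 1;
    if (SUSPECT_PREFIXES.has(first.slice(0, 2))) g.prefixHits += 1;
    if (PUBLIC_RESOLVERS.has(q.resolver)) g.bypass += 1;
    g.dataBytes += first.length; // rough size of the encoded chunk carried by this query
    groups.set(key, g);
  }
  const findings = [];
  for (const g of groups.values()) {
    const reasons = [];
    if (KNOWN_C2_DOMAINS.has(g.domain)) reasons.push("known C2 domain");
    if (g.txt >= TXT_BURST_THRESHOLD) reasons.push(`TXT burst (${g.txt} queries)`);
    if (g.prefixHits > 0 && g.bypass > 0) reasons.push("xh/xd/xf-prefixed TXT sent straight to a public resolver");
    if (reasons.length) findings.push({ ...g, reasons });
  }
  return findings;
}

// Constructed sample: benign lookups via the corporate resolver 10.0.0.2, plus one host
// pushing many prefixed TXT queries for the reported domain directly to 8.8.8.8.
const SAMPLE_LOG = [
  "1700000000 10.0.0.7 10.0.0.2 A registry.npmjs.org",
  "1700000001 10.0.0.7 10.0.0.2 TXT _dmarc.example.com",
  "1700000002 10.0.0.9 10.0.0.2 TXT selector1._domainkey.example.com",
];
for (let i = 0; i < 30; i++) {
  const chunk = (0xa5a5 + i * 7919).toString(16).padStart(8, "0"); // stands in for a hex-encoded data chunk
  SAMPLE_LOG.push(`${1700000010 + i} 10.0.0.5 8.8.8.8 TXT xd${chunk}.sh.azurestaticprovider.net`);
}
if (typeof require !== "undefined" && require.main === module) analyze(SAMPLE_LOG).forEach(f => console.log(`${f.client} -> ${f.domain}: ${f.reasons.join("; ")}`));
```

In a real deployment the domain grouping should use the public suffix list and the threshold should be tuned per window; the known-domain rule alone is enough to catch the reported indicator, the other two are there for the next domain.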
Similar Happenings
OpenAI, TanStack, and Mistral AI Impacted in Escalating Mini Shai-Hulud Supply Chain Campaign
OpenAI has confirmed that two employee devices in its corporate environment were infected via the Mini Shai-Hulud supply chain attack on TanStack, resulting in limited credential theft from internal repositories but no impact on customer data, production systems, or deployed software. OpenAI responded by isolating systems, revoking user sessions, rotating all credentials, temporarily restricting deployment workflows, and auditing user and credential behavior. As a precaution, OpenAI revoked and reissued code-signing certificates for iOS, macOS, Windows, and Android products due to exposure in the incident, with macOS desktop users (ChatGPT Desktop, Codex App, Codex CLI, Atlas) required to update applications before June 12, 2026. The incident reflects a broader escalation of the Mini Shai-Hulud campaign, which initially targeted TanStack and Mistral AI before spreading to UiPath, Guardrails AI, and OpenSearch via stolen CI/CD credentials and legitimate GitHub Actions workflows. TeamPCP continues to refine tactics, including the public distribution of the Shai-Hulud worm through a supply chain attack contest, while targeting developer and cloud credentials across ecosystems. The malware employs advanced persistence, credential harvesting, and destructive sabotage components, with technical innovations such as a multi-tier C2 exfiltration system and a 1-in-6 probability kamikaze wiper on systems in Israel or Iran. Mistral AI separately confirmed impact via trojanized SDKs, with a single developer device affected and no infrastructure breach.
Targeted social engineering of Axios maintainer enables UNC1069 npm supply chain compromise via WAVESHAPER.V2 implant
A maintainer of the widely used Axios npm package was targeted in a highly tailored social engineering campaign attributed to North Korean threat actor UNC1069, resulting in the compromise of npm account credentials and the publication of two trojanized versions of Axios (1.14.1 and 0.30.4). Google Threat Intelligence Group (GTIG) attributed the attack to UNC1069 based on the use of WAVESHAPER.V2 and infrastructure overlaps with past activities. The malicious packages were available for roughly three hours and injected a plain-crypto-js dependency that installed a cross-platform RAT, enabling credential theft and downstream compromise. The campaign also targeted additional maintainers, including Pelle Wessman (Mocha framework) and Node.js core contributors, revealing a coordinated effort against high-impact maintainers. The intrusion began with reconnaissance-driven impersonation of a legitimate company founder, engagement via a cloned Slack workspace and Microsoft Teams call, and execution of a fake system update that deployed the RAT. Post-incident, the maintainer reset devices, rotated all credentials, adopted immutable releases, introduced OIDC-based publishing flows, and updated GitHub Actions workflows to mitigate future risks.
Malicious dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
Legitimate dYdX-related packages on npm and PyPI have been compromised to distribute malicious versions that steal cryptocurrency wallet credentials and execute remote access trojans (RATs). The compromised packages target JavaScript and Python ecosystems, with different payloads for each. The attack is suspected to involve developer account compromise, allowing threat actors to push malicious updates using legitimate credentials. The affected packages include @dydxprotocol/v4-client-js (npm) versions 3.4.1, 1.22.1, 1.15.2, and 1.0.31, and dydx-v4-client (PyPI) version 1.1.5post1. The malicious code targets core registry files and uses obfuscation techniques to evade detection. Users are advised to isolate affected machines, move funds to new wallets from clean systems, and rotate all API keys and credentials. This incident highlights a persistent pattern of supply chain attacks targeting dYdX-related assets.
PhantomRaven npm credential harvesting campaign leverages invisible dependencies
An ongoing npm credential harvesting campaign dubbed PhantomRaven has been active since August 2025. The malware steals npm tokens, GitHub credentials, and CI/CD secrets from developers worldwide. New attack waves occurred between November 2025 and February 2026, distributing 88 packages via 50 disposable accounts. At least 126 npm packages have been infected, resulting in over 86,000 downloads. The attack uses Remote Dynamic Dependencies (RDD) to hide malicious code in externally hosted packages, evading npm security scans. The campaign exploits AI hallucinations to create plausible-sounding package names, a technique known as slopsquatting. As of October 30, 2025, the attacker-controlled URL can serve any kind of malware, initially serving harmless code before pushing a malicious version. The malware scans the developer environment for email addresses and gathers information about the CI/CD environment. The npm ecosystem allows easy publishing and low friction for packages, with lifecycle scripts executing arbitrary code at install time. As of October 29, 2025, at least 80 of the infected packages remain active. Researchers have discovered a malicious npm package named "@acitons/artifact" that typosquats the legitimate "@actions/artifact" package to target GitHub-owned repositories. The package incorporated a post-install hook to download and run malware in versions 4.0.12 to 4.0.17, and has been downloaded 47,405 times. The malware specifically targets repositories owned by the GitHub organization, indicating a targeted attack against GitHub.
GlassWorm malware targets OpenVSX, VS Code registries
GlassWorm has escalated into a multi-stage framework combining remote access trojans (RATs), data theft, and hardware wallet phishing, now leveraging Solana dead drops for C2, a novel browser extension for surveillance, and the Model Context Protocol (MCP) ecosystem. The campaign delivers a .NET binary targeting Ledger and Trezor devices by masquerading as configuration errors and prompting users to input recovery phrases, while a Websocket-based JavaScript RAT exfiltrates browser data and deploys HVNC or SOCKS proxy modules. The malware uses a Google Chrome extension disguised as Google Docs Offline for session surveillance on cryptocurrency platforms like Bybit and harvests extensive browser data. Recent innovations include a Zig-compiled dropper embedded within an Open VSX extension named 'specstudio.code-wakatime-activity-tracker' masquerading as WakaTime, which installs platform-specific Node.js native addons compiled from Zig code to stealthily infect all IDEs on a developer's machine. This dropper downloads a malicious VS Code extension (.VSIX) named 'floktokbok.autoimport' from an attacker-controlled GitHub account, which impersonates a legitimate extension with over 5 million installs and installs silently across all detected IDEs, avoiding execution on Russian systems and communicating with the Solana blockchain for C2. A new large-scale social engineering campaign has emerged, distributing fake VS Code security alerts posted in GitHub Discussions to automate posts across thousands of repositories using low-activity accounts, triggering GitHub email notifications with fake vulnerability advisories containing realistic CVE references. Links redirect victims through a cookie-driven chain to drnatashachinn[.]com, where a JavaScript reconnaissance payload profiles targets before delivering additional malicious payloads. This operation represents a coordinated, large-scale effort targeting developers. 
GlassWorm remains a persistent supply chain threat impacting npm, PyPI, GitHub, and Open VSX ecosystems. Since its emergence in October 2025, the campaign has evolved from invisible Unicode steganography in VS Code extensions to a sophisticated multi-vector operation spanning 151 compromised GitHub repositories and dozens of malicious npm packages. The threat actor, assessed to be Russian-speaking, continues to avoid infecting Russian-locale systems and leverages Solana blockchain transactions as dead drops for C2 resolution. Recent developments include the ForceMemo offshoot that force-pushes malicious code into Python repositories, the abuse of extensionPack and extensionDependencies for transitive malware delivery, and the introduction of Rust-based implants targeting developer toolchains. Eclipse Foundation and Open VSX have implemented security measures such as token revocation and automated scanning, but the threat actors have repeatedly adapted by rotating infrastructure, obfuscating payloads, and expanding into new ecosystems like MCP servers. A new wave of the GlassWorm campaign targets the OpenVSX ecosystem with 73 "sleeper" extensions that activate after updates, delivering malware to developers. Six extensions have already been activated, while the remainder remain dormant or suspicious. The campaign leverages thin loaders that fetch secondary VSIX packages or platform-specific modules at runtime, marking a shift in the group's tactics to evade detection by avoiding direct malware embedding in initial uploads. The extensions mimic legitimate listings using identical icons and near-identical names to deceive developers. Developers who installed these extensions are advised to rotate all secrets and perform a full system clean-up.