EXECUTIVE SUMMARY
The campaign is attributed to a single operator who controls three npm maintainer accounts that masquerade as internal corporate namespaces. The threat takes the form of a supply‑chain attack that abuses dependency‑confusion techniques to inject malicious packages into developer environments. Targets include enterprises that host private npm scopes across North America, Europe and Asia, with a focus on software development and CI/CD pipelines. The attacker’s immediate goal is to harvest system and credential information, while retaining the option to launch ransomware or data‑exfiltration attacks once a target list is built.[/subscribe_to_unlock_form]
EXECUTIVE SUMMARY
The campaign is attributed to a single operator who controls three npm maintainer accounts that masquerade as internal corporate namespaces. The threat takes the form of a supply‑chain attack that abuses dependency‑confusion techniques to inject malicious packages into developer environments. Targets include enterprises that host private npm scopes across North America, Europe and Asia, with a focus on software development and CI/CD pipelines. The attacker’s immediate goal is to harvest system and credential information, while retaining the option to launch ransomware or data‑exfiltration attacks once a target list is built.[emaillocker id="1283"]
Victims receive the malicious code when a developer runs npm install against a package whose name matches an internal scope. The package’s postinstall script executes an obfuscated JavaScript stager that first checks for CI variables and node version, then contacts a remote command‑and‑control server. The server returns a small platform‑specific binary that the stager writes to the temporary directory and spawns as a detached process. The payload records hostnames, environment variables and installed dependencies, reports the data back to the C2 endpoint, and respects a cached marker to avoid repeating the download on subsequent installs.
This threat matters because it compromises the software supply chain at a point many organisations trust, and it runs silently within developer tools. Postinstall hooks and cache‑based deduplication evade typical file‑integrity checks, while CI bypass reduces alerts in monitored pipelines. Defences should include strict allow‑listing of npm packages, verification of package provenance before installation, and continuous monitoring of npm‑install commands for unusual network traffic. Organizations also need to keep node and npm versions patched, enforce least‑privilege for build agents, and maintain reliable backups to recover if later stages of the campaign succeeds.
THREAT PROFILE:
| Tactic | Technique ID | Technique | Sub-technique |
| Initial Access | T1195.001 | Supply Chain Compromise | Compromise Software Dependencies and Development Tools |
| Execution | T1059.007 | Command and Scripting Interpreter | JavaScript |
| Defense Evasion | T1036.002 | Masquerading | Right-to-Left Override |
| Defense Evasion | T1027 | Obfuscated Files or Information | — |
| Defense Evasion | T1497.001 | Virtualization/Sandbox Evasion | System Checks |
| Defense Evasion | T1564.001 | Hide Artifacts | Hidden Files and Directories |
| Credential Access | T1555.003 | Credentials from Password Stores | Credentials from Web Browsers |
| Discovery | T1082 | System Information Discovery | — |
| Command and Control | T1071.001 | Application Layer Protocol | Web Protocols |
| Command and Control | T1105 | Ingress Tool Transfer | — |
REFERENCES:
The following reports contain further technical details:
https://securityonline.info/npm-dependency-confusion-attack/
https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/