PhantomRaven: The Global npm Supply Chain Attack Targeting Developers

Listen to this Post

Featured Image

Introduction

In an alarming escalation of software supply chain attacks, a sophisticated malware campaign named PhantomRaven has compromised developer environments worldwide through malicious npm packages. Leveraging advanced evasion techniques and exploiting trust in the npm ecosystem, this campaign has quietly infiltrated systems, harvested sensitive credentials, and demonstrated a new level of sophistication in developer-targeted attacks.

Summary of the Attack

PhantomRaven was uncovered by Koi Security in October 2025 after it had already infiltrated developer systems globally through 126 malicious npm packages, downloaded over 86,000 times. The campaign first emerged in August 2025, with attackers publishing the initial packages to the npm registry. While npm detected and removed 21 of these early packages, the attackers quickly adapted, uploading 80 additional packages between September and October 2025 that successfully bypassed detection.

The attackers operated under multiple email accounts from free providers, with usernames like npmhell and npmpackagejpd. The malware employed a novel evasion technique called Remote Dynamic Dependencies (RDD), exploiting npm’s ability to reference external HTTP URLs as dependencies. This allowed malicious packages to fetch hidden payloads from the attacker-controlled server, completely invisible to traditional security scanners. Even though the visible source code appeared innocuous, the payload activated automatically through npm lifecycle scripts, specifically the preinstall hook, requiring no user interaction.

Once installed, PhantomRaven harvested sensitive credentials, including npm authentication tokens, GitHub Actions tokens, GitLab CI credentials, Jenkins credentials, and CircleCI tokens. The malware also performed comprehensive system fingerprinting, gathering environment data such as email addresses, IP addresses, hostnames, operating system details, Node.js versions, and working directory paths. Multiple exfiltration methods—HTTP GET, HTTP POST, and WebSocket connections—ensured data reached attacker servers even under restrictive network conditions.

Additionally, PhantomRaven exploited “slopsquatting”, publishing packages with names similar to legitimate ones that AI-assisted code tools might suggest, such as unused-imports instead of eslint-plugin-unused-imports. This tactic preyed on developer trust and AI-driven recommendations to increase the likelihood of installation.

What Undercode Say:

PhantomRaven represents a turning point in supply chain attacks, demonstrating the increasing sophistication of threats in the developer ecosystem. By exploiting Remote Dynamic Dependencies, the attackers bypassed one of the most fundamental security assumptions in package management: that listed dependencies can be trusted and easily scanned. This innovation shows that attackers are not only targeting end-users but are directly infiltrating the development pipeline, where the potential impact is far greater.

The automatic execution of the malware via lifecycle scripts highlights the dangers of trusting external dependencies blindly, especially when modern development practices rely heavily on open-source packages. PhantomRaven’s approach also underscores the limitations of traditional security tooling, which often fails to inspect external or dynamically loaded dependencies. Developers need to implement multi-layered security strategies, including dependency verification, code reviews, and runtime monitoring, to mitigate such attacks.

The credential theft and environment profiling capabilities of PhantomRaven indicate a strategic shift toward long-term infiltration and control rather than short-term disruption. By exfiltrating CI/CD tokens, attackers gain the ability to compromise entire development pipelines, inject malicious code, or steal intellectual property. This approach suggests a broader trend toward developer-targeted cyber espionage, where attackers see high-value code repositories as prime targets.

The use of slopsquatting reveals a subtle yet highly effective psychological manipulation: leveraging AI hallucinations and human trust in package names. This aligns with a rising pattern in cybersecurity where social engineering is increasingly integrated with technical exploits to maximize infection rates.

Organizations and individual developers must now evaluate not only the content of their dependencies but also their provenance, update frequency, and the security practices of maintainers. Automated tools alone are insufficient; proactive auditing and awareness training are critical. PhantomRaven should serve as a wake-up call for the industry to rethink the security of supply chains and adopt a more risk-aware, developer-centric approach.

Fact Checker Results:

✅ PhantomRaven compromised developer systems via 126 malicious npm packages.

✅ Malware utilized Remote Dynamic Dependencies to evade detection.

❌ The attack required manual user interaction to execute.

Prediction:

📊 The rise of attacks like PhantomRaven signals an era where npm and other package registries will face increasing scrutiny. We can expect stronger security enforcement by registries, adoption of dependency provenance tools, and possibly AI-driven malware scanning. Developers may increasingly rely on automated trust scoring for packages, while attackers evolve even more sophisticated evasion techniques. The battle for secure supply chains will likely intensify, making developer vigilance essential.

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: cyberpress.org
Extra Source Hub (Possible Sources for article):
https://www.reddit.com
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon