Malicious npm Package Targets GitHub with Sophisticated Supply Chain Attack

Listen to this Post

Featured Image
A recent discovery by Veracode Threat Research has unveiled a dangerous npm package exploiting the open-source ecosystem and CI/CD pipelines. The malicious package, “@acitons/artifact,” cleverly masqueraded as the widely trusted “@actions/artifact”—which has been downloaded over 206,000 times—using a classic typosquatting technique. By deceiving developers into installing it, the attackers aimed to infiltrate GitHub repositories, exfiltrate sensitive tokens, and potentially deploy harmful content while appearing legitimate.

Summary of the Threat

On November 7th, Veracode disclosed that the threat actor behind “@acitons/artifact” released six malicious versions, all containing a post-install hook designed to download and execute a hidden binary named “ci_test_harness.” This binary, highly obfuscated and virtually invisible to major antivirus engines at the time, executed stealth operations within GitHub’s CI/CD pipelines.

The malicious post-install script in version 4.0.13 ran a curl command to fetch the binary, modify its permissions, and launch it inside the build environment. Intriguingly, the malware contained an expiry mechanism, disabling itself after November 6, 2025, signaling careful attacker planning and a tightly controlled attack window.

Technically, “ci_test_harness” was compiled using SHC (Shell Script Compiler), enhancing its obfuscation and complicating static analysis. The malware specifically checked for GitHub environment variables and only executed if the repository owner was “github,” demonstrating a highly targeted attack. Once active, it executed a node package with a deeply obfuscated verify.js script, which acquired an AES encryption key from an external DNS service and encrypted sensitive data, including GitHub tokens.

Exfiltrated data was sent via a concealed HTTPS endpoint hosted as a GitHub App, blending seamlessly into legitimate traffic. The malicious package versions were later removed from npm, either by the attacker or GitHub, leaving only benign versions publicly available. Behavioral analysis by VirusTotal now confirms the package’s suspicious activity, despite initial scans failing to detect it.

This incident highlights the dangers of software supply chain attacks, aligning with OWASP’s A03:2025-Software Supply Chain Failures in its 2025 Top 10 security risks. Organizations using automated defenses like Veracode’s Package Firewall were shielded, demonstrating the critical importance of proactive security measures in modern DevOps pipelines. The attack underscores the sophistication and potential impact of compromised dependencies in widely used platforms such as GitHub Actions.

What Undercode Say:

The “@acitons/artifact” incident illustrates a worrying trend in software supply chain attacks: highly targeted, time-sensitive, and deeply obfuscated malware designed to bypass traditional security tools. This attack is not just opportunistic; it demonstrates advanced attacker strategy, including:

Precision targeting: By activating only for repositories owned by GitHub, the malware minimized collateral exposure while focusing on high-value targets.

Obfuscation techniques: Compiling with SHC and using encrypted payloads allowed the malware to evade antivirus detection and complicate static and behavioral analysis.

Supply chain vulnerabilities: The incident exploited the trust developers place in npm packages, showing that even widely used, “trusted” packages can become vectors for attack if typosquatting is employed.

From a security perspective, this highlights a two-fold issue: developers must rigorously verify package names and versions, and organizations must adopt continuous monitoring tools for CI/CD pipelines. Traditional perimeter defenses are insufficient against attacks embedded in dependencies or post-install scripts.

The campaign also emphasizes the growing importance of ephemeral attack windows. The embedded expiry mechanism shows attackers are increasingly careful about timing and detection, suggesting future threats may be even more stealthy and adaptive. Organizations that rely on automated builds, GitHub Actions workflows, or third-party packages must treat each dependency as a potential risk factor, not an assumed safe component.

Moreover, integrating behavioral monitoring with automated alerts for unexpected network calls or permission changes could significantly reduce the attack surface. Supply chain security now demands a holistic approach, combining dependency vetting, runtime analysis, and automated protection.

From a strategic standpoint, this incident is a reminder that cyber resilience is as much about process as technology. Even a single overlooked typo in a package name can have cascading effects across production pipelines, potentially compromising sensitive build tokens and, ultimately, organizational infrastructure. The security community should take note: the sophistication seen here will likely be repeated in attacks targeting other high-value platforms.

Fact Checker Results

✅ Confirmed: The malicious package “@acitons/artifact” mimicked “@actions/artifact” using typosquatting.
✅ Confirmed: The attack specifically targeted GitHub-owned repositories using CI/CD tokens.
❌ False Claim: Initial antivirus engines detected the malware immediately; it was evading detection at first.

Prediction

📊 As software supply chain attacks continue to rise, typosquatting campaigns targeting major package ecosystems will become more common. Developers may increasingly rely on automated verification tools, while attackers adapt with shorter-lived and highly targeted binaries. Future campaigns could involve multi-stage payloads that only activate under very specific conditions, further complicating detection. Organizations investing in CI/CD runtime monitoring and dependency audits will likely reduce risk, while those ignoring supply chain security may face increasing breaches. 🔐⚠️

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: cyberpress.org
Extra Source Hub (Possible Sources for article):
https://www.reddit.com/r/AskReddit
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon