Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP.
The list of identified packages is below –
- chalk-tempalte (825 Downloads)
- @deadcode09284814/axios-util (284 Downloads)
- axois-utils (963 Downloads)
- color-style-utils (934 Downloads)
“One of the packages (chalk-tempalte) contains a direct clone of the Shai-Hulud source code that TeamPCP leaked last week, probably inspired as part of the supply chain attack competition that was published in BreachForums not long after,” OX Security’s Moshe Siman Tov Bustan said.
Interestingly, the malicious payloads embedded into the four npm packages are different, despite them being published by the same npm user, “deadcode09284814.” As of writing, the four libraries are still available for download from npm.
An analysis of the packages has revealed that “axois-utils” is designed to deliver a Golang-based distributed denial-of-service (DDoS) botnet called Phantom Bot, with capabilities to flood a target website using HTTP, TCP, and UDP protocols. It also establishes persistence on both Windows and Linux machines by adding the payload to the Windows Startup folder and creating a scheduled task.
The remaining three drop a stealer payload on compromised systems. Of the three packages, the “chalk-tempalte” package contains a clone of the Shai-Hulud worm released by TeamPCP.
“The actor took the code, and almost without any change at all — uploaded a working version with its own C2 server and private key into npm,” OX Security said. “The stolen credentials are sent to the remote C2 server — 87e0bbc636999b.lhr[.]life”
In addition, the data is exported to a new GitHub public repository using the stolen GitHub token via the API. The repository is given the description “A Mini Sha1-Hulud has Appeared.”
The other two npm packages, “@deadcode09284814/axios-util” and “color-style-utils,” carry a more straightforward functionality that siphons SSH keys, environment variables, cloud credentials, system information, IP address, and cryptocurrency wallet data to “80.200.28[.]28:2222” and “edcf8b03c84634.lhr[.]life,” respectively.
“Threat actors are getting even more motivated to conduct supply chain and typo-squatting, as attacks become easier to perform with the Shai-Hulud code becoming open source,” OX Security said. “We’re now seeing a single actor with multiple techniques and infostealer types spreading malicious code onto npm, as it’s just the first phase of an upcoming wave of supply chain attacks coming.”
Users who have downloaded the packages are uninstall them immediately, find and delete malicious configuration from IDEs and coding agents like Claude Code, rotate secrets, check for GitHub repositories containing the string “A Mini Sha1-Hulud has Appeared,” and block network access to suspicious domains.
