Developer-Focused Supply Chain Malware via Malicious Open-Source Packages
Security researchers reported multiple software supply chain campaigns targeting developers through malicious packages in public repositories, aiming to steal credentials/secrets and establish persistent access that can later impact production environments. Socket disclosed a campaign dubbed StegaBin involving 26 malicious npm packages published over a two-day window that used a Pastebin “dead-drop” with character-level steganography to conceal C2 details, then resolved additional infrastructure across 31 Vercel deployments to deliver platform-specific shell payloads that install a RAT and a nine-module infostealer targeting VSCode data, SSH keys, git repositories, browser credential stores, clipboard contents, and other local secrets. Socket assessed the tradecraft as consistent with activity previously attributed to North Korea-aligned FAMOUS CHOLLIMA (Lazarus-linked) and noted rapid detection of the packages shortly after publication.
Separately, reporting highlighted four malicious NuGet packages—NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_—that targeted ASP.NET developers by exfiltrating ASP.NET Identity data (users/roles/permissions) and enabling backdoors; the packages were published in August 2024, accumulated 4,500+ downloads, and were later removed. In that campaign, NCryptYo functioned as a dropper and proxy to an attacker-controlled C2, while DOMOAuth2_ and IRAOAuth2.0 handled data theft and backdoor rule delivery, and SimpleWriter_ enabled file writing and hidden process execution while masquerading as a PDF utility. Other items in the set described unrelated C2 tooling trends (a Polygon blockchain-based botnet loader and the Vshell C2 framework) and do not describe the same package-repository supply chain incidents.
How this story unfolded
12 events from the earliest known activity through the most recent confirmed update.
Malicious NuGet packages published to target ASP.NET developers
Four malicious NuGet packages — NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_ — were published between August 12 and 21, 2024, and targeted ASP.NET web application developers at development time. The packages were designed to steal ASP.NET Identity data and establish persistent backdoors that could later provide access to production environments.
Malicious npm packages published in StegaBin campaign
A supply-chain campaign later dubbed StegaBin published 26 typosquatted malicious npm packages on February 25–26, 2026, targeting developers with install-time malware. The packages used obfuscated loaders, Pastebin-based steganography, and Vercel-hosted infrastructure to deliver cross-platform payloads.
Socket rapidly detects StegaBin packages after publication
Socket reported detecting the first malicious StegaBin package within two minutes of publication, and each of the 26 packages within six minutes of its own publication. This early detection helped surface the campaign's infrastructure, payload delivery chain, and post-exploitation toolkit.
Researcher Kieran Miyamoto discloses 17 related malicious npm packages
On February 26, 2026, independent researcher Kieran Miyamoto disclosed 17 related malicious npm packages and described the Pastebin decoder technique used in the campaign. The disclosure corroborated broader findings about the npm supply-chain activity.
Socket discloses StegaBin campaign and links it to Famous Chollima
On February 27, 2026, Socket publicly reported the StegaBin campaign, detailing 26 malicious npm packages, Pastebin steganography for C2 resolution, Vercel-based routing, and a nine-module infostealer/RAT toolkit. Based on tradecraft and infrastructure overlap, Socket assessed the activity as consistent with the North Korea-aligned actor FAMOUS CHOLLIMA tied to the Lazarus Group.
Malicious NuGet packages removed after discovery
The four malicious NuGet packages targeting ASP.NET developers were removed from NuGet after being discovered. Before takedown, the campaign accumulated more than 4,500 downloads.
Backdoored axios npm releases tied to hijacked maintainer account
In March 2026, attackers hijacked an axios maintainer account and published backdoored npm package versions carrying a cross-platform RAT. Microsoft and Google later attributed the campaign to a North Korea-linked cluster, while Elastic Security Labs described the operation as highly coordinated and carefully prepared.
Researchers detail updated Contagious Interview npm tradecraft
By March 2, 2026, researchers described the StegaBin activity as a new iteration of the North Korea-linked Contagious Interview campaign. The reporting highlighted the actor's shift to Pastebin steganography and multi-stage Vercel routing, plus a separate newer technique using Google Drive to fetch next-stage JavaScript.
Socket identifies five malicious NuGet packages impersonating Chinese UI libraries
On 2026-03-07, Socket disclosed five malicious NuGet packages published by the account bmrxntfj that impersonated or typosquatted Chinese .NET libraries and delivered a .NET Reactor-protected infostealer. The campaign had used 224 package versions since at least September 2025, amassed about 64,784 downloads, and the packages were still available on NuGet when Socket said it submitted takedown requests.
Socket links Contagious Interview to 1,700+ packages across five ecosystems
On April 7, 2026, Socket reported that a broader Contagious Interview software supply-chain cluster had spread across npm, PyPI, Go Modules, crates.io, and Packagist, encompassing more than 1,700 malicious packages. The report detailed shared publisher aliases, staged malware loaders, infrastructure on Vercel/Render and Google Drive, and noted that some packages and accounts were removed after reporting while others remained live.
Socket uncovers BufferZoneCorp RubyGems and Go modules supply-chain campaign
On 2026-05-01, Socket disclosed a software supply-chain campaign tied to the GitHub account BufferZoneCorp that used malicious Ruby gems and Go modules to steal secrets from developers, CI runners, and build environments. The report detailed credential theft, GitHub Actions and GOPROXY tampering, fake Go wrappers, and persistence via an added SSH key; Go Security blocked the identified malicious Go modules, while the Ruby gems and BufferZoneCorp account remained live at publication.
Socket reports compromise of 84 @tanstack npm package artifacts
On 2026-05-11, Socket disclosed that 84 npm package artifacts in the @tanstack namespace were compromised with credential-stealing malware targeting developer and CI/CD environments. The report linked the activity to the ongoing Mini Shai-Hulud campaign and said TanStack responded by unpublishing affected versions and shutting down publishing pipelines while investigating.
Sources
12 references tracked.
Trusted by default: The npm attack pattern security teams miss | perspective | SC Media (scworld.com)
TanStack npm Packages Compromised in Ongoing Mini Shai-Hulud... (socket.dev)
Malicious NuGet Packages Target Browser Credentials, SSH Keys, and Crypto Wallets (cybersecuritynews.com)
Malicious Ruby Gems and Go Modules Impersonate Developer Too... (socket.dev)
N. Korean Hackers Spread 1,700 Malicious Packages Across npm, PyPI, Go, Rust (thehackernews.com)
North Korea’s Contagious Interview Campaign Spreads Across 5... (socket.dev)
5 Malicious NuGet Packages Impersonate Chinese UI Libraries ... (socket.dev)
Updated Contagious Interview campaign harnesses illicit npm packages for RAT delivery | brief | SC Media (scworld.com)
New 'StegaBin' Campaign Uses Malicious 26 npm Packages to Deploy Multi-Stage Credential Stealer (cybersecuritynews.com)
North Korean Hackers Publish 26 npm Packages Hiding Pastebin C2 for Cross-Platform RAT (thehackernews.com)
Malicious NuGet packages target ASP.NET developers, steal sensitive data | brief | SC Media (scworld.com)
StegaBin: 26 Malicious npm Packages Use Pastebin Steganograp... (socket.dev)