Phishing Email Compromises npm Maintainer
Phishing email impersonating npm support lured the developer into submitting their two-factor code. The message claimed to be a security update but in reality led to a fake login page. Once the maintainer entered credentials, attackers gained full control of the npm account. They then quietly pushed malicious updates into several popular libraries. In all, this exploit affected at least 18 widely-used npm packages (over 2+ billion weekly downloads) before it was quickly corrected.
npm Packages Conceal Trojanized Crypto RAT
After compromising the account, the attacker published Trojanized npm modules. These look like benign utility libraries but include a hidden payload. For example, one package named js-logger-pack used its post-install hook to download a large executable from the internet. The payload (nicknamed MicrosoftSystem64) is an 81 MB multi-platform RAT. Once installed, it runs silently in the background, providing a full remote-control backdoor. This design ensures the malware installs as a native process and is difficult for normal npm or antivirus tools to detect.
Hugging Face Misused for Data Exfiltration
Remarkably, the attackers abused the Hugging Face platform to hide their tracks. The npm malware fetches its payload from a public Hugging Face repo and uploads all stolen data into the attacker’s private Hugging Face datasets. Because Hugging Face is a trusted AI model host, this traffic looks ordinary. In short, sensitive wallet keys and login tokens are quietly sent to the attacker via encrypted Hugging Face API calls instead of a suspicious remote server.
Cross-Platform RAT Hijacks Crypto Wallet Data
Once active on a developer’s machine, the RAT operates like a full-featured trojan. SafeDep’s analysis shows it can perform dozens of powerful actions. For example:
- Harvests credentials: It grabs passwords and keys from 15 major browsers (Chrome, Edge, Firefox, etc.) and from 80+ cryptocurrency wallet extensions (including local wallet files).
- Steals session data: It compresses and uploads the Telegram Desktop data folder (
tdata) and even exfiltrates SSH keys (id_rsa,id_ed25519,known_hosts, etc.). - Monitors user: A built-in keylogger records every keystroke and clipboard entry on Windows, macOS, and Linux. It also periodically takes screenshots of the user’s desktop and uploads them to Hugging Face.
- Persists and updates: The malware self-updates daily by polling the Hugging Face repo and installs persistent services (Windows Scheduled Task, macOS LaunchAgent, Linux systemd) to survive reboots.
Each of these capabilities is active the moment the npm package is installed, so the attack spreads to any environment that pulls in the malicious module.
Scope and Previous Supply-Chain Attacks
This particular npm cryptostealer incident comes on the heels of other similar attacks on supply chains for developers. For example:
- September 2025: An attack against an npm maintainer resulted in crypto-stealing scripts being embedded into 18 of npm’s widely-used packages, including Chalk and Debug. In total, those packages have ~2 billion installs weekly. The script was meant to redirect crypto transactions by manipulating user wallets in their browser.
- March 2026: Packages like axios that are part of the standard development process were hacked. Malicious versions included cryptocurrency-stealing malware via dependent packages such as plain-crypto-js.
- May 2026: The “TrapDoor” operation utilized malicious packages on npm, PyPI, and Rust for the purpose of crypto-wallet and API key theft using fake development tools.
The recent wave of attacks is characterized by a worrying trend where hackers are increasingly focusing on development tools and libraries used in creating cryptographic software. Given that billions of installations are at stake, any such compromises pose a major threat.
Conclusion: When Trusted Packages Become Crypto Theft Infrastructure
This npm cryptostealer campaign shows how fragile developer trust has become. A single maintainer phishing compromise allowed attackers to poison popular packages, trigger malicious post-install behavior, and deliver a cross-platform RAT into developer environments. From there, the malware targeted what matters most, crypto wallets, browser credentials, Telegram sessions, SSH keys, screenshots, and keystrokes.
This was not just a package compromise. It was a direct attack on the systems developers use to build, sign, deploy, and access critical infrastructure.
Why This Threat Spreads So Fast
Supply chain malware succeeds because trusted automation executes before suspicion begins:
- Developers install packages as part of normal workflows
- Post-install scripts run silently in the background
- Trusted platforms like Hugging Face make payload traffic look legitimate
- Cross-platform RATs reach Windows, macOS, and Linux systems
- Stolen SSH keys and tokens can open the door to broader compromise
Once a poisoned dependency is pulled into a workstation or build environment, the attacker does not need to break in. The development process runs the attack for them.
Where Xcitium Changes the Outcome
For organizations using Xcitium Advanced EDR, this attack fails at execution.
- Trojanized package payloads are isolated the moment they run
- Post-install malware cannot freely launch backdoors or steal credentials
- Code can run without being able to cause damage
- Wallet theft, keylogging, screenshot capture, and persistence attempts are stopped before impact
- The supply chain attack loses its ability to turn developer trust into compromise
With Xcitium in place, a poisoned npm package does not become a stolen wallet, stolen token, or breached development environment.
Secure the Developer Workstation Before the Package Runs
Modern supply chain attacks do not always exploit production. They exploit the people and systems that build production.
Protect developer endpoints.
Stop malicious dependencies at execution.
Choose Xcitium, powered by the patented Zero-Dwell platform.
