Poisoned Packages: A New Attack Hits the npm Ecosystem
Researchers at Socket have disclosed a new attack against the npm ecosystem, in which more than 40 packages were discovered to be laced with embedded malicious code. The compromise mechanism was meticulously engineered: it exploited the NpmModule.updatePackage function to download a package archive, alter its metadata in package.json, insert an additional script named bundle.js, then repackage and republish the modified version. This process enabled the seamless injection of a Trojan and the automatic infection of dependent projects.
The attack’s primary objective was the theft of developer credentials and tokens. The malicious script downloaded and executed TruffleHog — a legitimate tool for secret discovery — repurposed by attackers to scour systems for access keys. Among the targeted data were environment variables holding GitHub and npm tokens, as well as AWS credentials. The mechanism functioned on both Windows and Linux, greatly broadening the attack surface.
Bundle.js interfaced directly with online services: it validated npm tokens via the whoami endpoint, queried the GitHub API when credentials were present, and even accessed cloud platform metadata to extract temporary keys from CI/CD environments. Harvested data was funneled to an external server through a specially crafted webhook. Additionally, the script implanted a new workflow in the .github/workflows directory, persisting within repositories and ensuring continuous exfiltration each time a pipeline was triggered — leaving the threat active even after initial cleanup.
The roster of compromised packages proved extensive, including:
- angulartics2@14.1.2
- @ctrl/react-adsense@2.0.2
- ngx-toastr@19.0.2
- json-rules-engine-simplified
- koa2-swagger-ui
- rxnt-authentication
- react-jsonschema-form-extras
- swc-plugin-component-annotate
and many others. Popular community libraries from NativeScript, such as ui-collectionview and ui-material-core, were also affected. With so many dependencies carrying malicious code, a cascading effect emerged — downstream projects were automatically infected, often without awareness.
Experts at StepSecurity stressed that the self-propagating nature of the attack is particularly alarming: the implanted mechanism could integrate itself into new builds, triggering a chain reaction of infections across the npm ecosystem. This model drastically amplifies the risk of widespread compromise.
Developers are urged to audit their environments, check for the listed packages, and, if necessary, immediately revoke and regenerate npm tokens, GitHub keys, and cloud credentials, as these may already have been exposed. Without such steps, threats could persist silently within CI pipelines, granting attackers ongoing access to artifacts and sensitive data.
Meanwhile, the Rust Security Response working group warned of a phishing campaign targeting crates.io users. Attackers distributed emails from a spoofed domain — rustfoundation[.]dev — falsely claiming that the infrastructure had been compromised and urging recipients to reset their passwords. The phishing page mimicked GitHub authentication and was designed to harvest login credentials. The legitimate Rust Foundation clarified that it has no connection to this domain, confirmed that crates.io remains fully operational, and noted that suspicious activity is under monitoring. Although the rogue domain has since been taken offline, the campaign underscored how adversaries exploit trust in official projects to target developers.
In summary, the open-source ecosystem has simultaneously faced two distinct threats — the compromise of npm packages and a phishing campaign against the Rust community — highlighting the growing prevalence of supply chain attacks in modern software development.
Support Our Threat Intelligence
If you find our technology report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
