Popular npm packages compromised

Unknown attackers have compromised several popular npm packages in a supply-chain attack.

Popular npm packages compromised

Several popular npm packages used in a number of web projects have been compromised and trojanized by unknown attackers. The attackers, through a phishing attack on maintainers, were able to gain access to at least one repository and injected the packages with malicious code used to hunt for cryptocurrency. Thus, all web applications that used trojanized versions of the packages were turned into cryptodrainers. And there can be quite a few of them — as the compromised packages had more than two billion downloads per day (according to Aikido Security).

What are the dangers of the trojanized packages used in this attack?

Obfuscated JavaScript was added to all affected packages. If the compromised package is used in a web application, the malicious code is activated on the devices that were used to access this application. Acting at the browser level, malware intercepts network traffic and API requests, and changes data associated with Ethereum, Bitcoin, Solana, Litecoin, Bitcoin Cash, and Tron cryptocurrency wallets. The malware spoofs their addresses and redirects transactions to the attackers’ wallets.

About three hours after the attack began, the npm administration started to remove the infected packages, but it’s not known exactly how many times they were downloaded during this time.

How the attackers managed to gain access to the repositories

The attackers used a rather banal technique — they created a phishing email in which maintainers were urged to update their two-factor authentication credentials at the first opportunity. Otherwise, they were threatened with account lockout starting September 10, 2025. The emails were sent from a mailbox on the domain npmjs[.]help, similar to the legitimate npmjs.com. The same domain also hosted a phishing site that mimicked the official npm registry page. Credentials entered on this site immediately fell into the hands of the attackers.

The attack was successful against at least one maintainer, compromising the npm packages color, debug, ansi-regex, chalk, and several others. However, the phishing attack appears to have been more extensive, because other maintainers and developers received similar phishing emails, so the full list of trojanized packages may be longer.


Leonid Bezververenko, Senior Security Researcher with the Global Research & Analysis Team (GReAT) comments:

The attack on npm packages with billions of downloads per week clearly demonstrates the vulnerability of supply chains in the open-source ecosystem. While the malicious payload in this case was limited — the attackers only managed to steal tens of dollars — the situation could have been much more serious.

Infected packages could have been used to compromise corporate servers, introduce backdoors into business process management systems, or steal sensitive data from customers and partners. In such a scenario, we could have seen a large-scale compromise similar to the XZ attack: companies that integrated malicious libraries into internal services or SaaS products could have passed the infection on to hundreds or thousands of corporate customers.

As with XZ case, the key factor of this incident was not a technical vulnerability, but the human factor — a developer of popular npm packages fell victim to a phishing email. Experience shows that maintainers of widely used open-source software remain an attractive target for attackers, because compromising one project can jeopardize thousands of other systems.

This “domino effect” can turn a single mistake or instance of carelessness into an industry-wide problem.

Which packages were compromised?

At the time of writing this post, the following packages are known to be compromised:

  • ansi-regex
  • ansi-styles
  • backslash
  • chalk
  • chalk-template
  • color-convert
  • color-name
  • color-string
  • debug
  • error-ex
  • has-ansi
  • is-arrayish
  • simple-swizzle
  • slice-ansi
  • strip-ansi
  • supports-color
  • supports-hyperlinks
  • wrap-ansi

However, as we have already written above, the list may grow. You can keep an eye on the GitHub advisory page for updates.

How to stay safe

Kaspersky products, including Kaspersky NEXT, detect this threat with the verdicts Trojan-Banker.Script.Osthereum with various prefixes (HEUR, UDS, VHO) and modifications, such as HEUR:Trojan-Banker.Script.Osthereum.gen, and as Trojan.JS.Agent.exf with various prefixes.

You can search for them using masks:

  • *Trojan-Banker.Script.Osthereum*
  • *Trojan.JS.Agent.exf*

The phishing domain npmjs[.]help, which was used to hijack the maintainer accounts, is also detected by our products. In particular, all requests to this domain are detected by our network security solutions such as Kaspersky Anti Targeted Attack Platform.

Information about malicious packages has also been added to the Open-Source Software Threats Data Feed (and we continue to add new data as new malicious packages are discovered). Also, our analysts report the detection of infected packages to clients of the Kaspersky Managed Detection and Response service.

Developers are advised to audit the dependencies in their projects, and if one of the compromised packages was used there, pin the safe version using the overrides function in package.json. You can find more detailed instructions here.

Maintainers and developers with access to open source software repositories are advised to be doubly careful when receiving emails urging them to log into their accounts. Better yet — also use security solutions with an anti-phishing engine.

Tips

The pros and cons of AI-powered browsers

A race between tech giants is unfolding before our very eyes. Who’ll be the first to transform the browser into an AI assistant app? As you test these new products, be sure to consider their enormous impact on security and privacy.

  • For all other countries