{"id":14758,"date":"2025-09-09T12:19:13","date_gmt":"2025-09-09T12:19:13","guid":{"rendered":"https:\/\/newestek.com\/?p=14758"},"modified":"2025-09-09T12:19:13","modified_gmt":"2025-09-09T12:19:13","slug":"massive-npm-supply-chain-attack-hits-18-popular-packages-with-2b-weekly-downloads","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14758","title":{"rendered":"Massive npm supply chain attack hits 18 popular packages with 2B weekly downloads"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<p>A massive supply chain attack compromised 18 highly popular npm packages, which collectively received two billion weekly downloads, deploying sophisticated browser-based malware designed to steal cryptocurrency and web3 transactions from unsuspecting developers and end-users, and silently redirecting funds to attacker-controlled accounts, according to security firm Aikido.<\/p>\n<p>The attack began on September 8, when Aikido\u2019s threat intelligence systems detected malicious code being pushed to npm packages, including chalk (299.99 million weekly downloads), debug (357.6 million downloads), and ansi-styles (371.41 million downloads).<\/p>\n<p>The compromised packages contained obfuscated code that \u201csilently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user,\u201d <a href=\"https:\/\/www.aikido.dev\/blog\/npm-debug-and-chalk-packages-compromised\" target=\"_blank\" rel=\"noreferrer noopener\">Aikido researchers said in a blog post<\/a>.<\/p>\n<p>\u201cOur analysis strongly indicated this was 
orchestrated by a single threat actor group,\u201d Charlie Eriksen, lead malware researcher at Aikido told CSO Online. \u201cWhat was striking was their relatively unsophisticated approach \u2013 they were using off-the-shelf obfuscation tools and their execution suggested operational carelessness. Frankly, if they really wanted to maximize the impact of compromising packages with 2 billion weekly downloads, they left quite a lot of opportunities on the table.\u201d<\/p>\n<p>The attack represented the latest in a series of npm supply chain attacks that targeted enterprise developers in recent weeks. In late August, <a href=\"https:\/\/www.infoworld.com\/article\/4047739\/wave-of-npm-supply-chain-attacks-exposes-thousands-of-enterprise-developer-credentials.html\" target=\"_blank\">security firm Wiz reported<\/a> a separate AI-powered campaign that compromised the Nx build system and exposed thousands of developer credentials, while JFrog discovered eight additional malicious React packages using multi-layer obfuscation techniques.<\/p>\n<h2 class=\"wp-block-heading\" id=\"phishing-campaign-exploited-npm-trust-model\">Phishing campaign exploited npm trust model<\/h2>\n<p>The attack originated from a sophisticated phishing campaign that exploited the fundamental trust relationships within the npm ecosystem. Threat actors registered the <a href=\"https:\/\/www.csoonline.com\/article\/3506897\/github-actions-typosquatting-a-high-impact-supply-chain-attack-in-waiting.html\">typosquatted<\/a> domain npmjs.help on September 5, just three days before launching their campaign, and used it to impersonate legitimate npm administrative communications.<\/p>\n<p>\u201cThe maintainer shared that he was compromised by the use of phishing, using this email coming from support [at] npmjs [dot] help,\u201d the blog post said. 
The domain was designed to closely mimic the legitimate npmjs.org domain, with attackers sending emails that appeared to come from official npm support channels.<\/p>\n<p>The scale of the compromise became apparent as Aikido\u2019s threat intelligence systems tracked the systematic updating of multiple high-profile packages.<\/p>\n<p>\u201cThe above packages all started having new versions released,\u201d researchers noted in the blog post, with each update containing hidden malicious payloads. One compromised maintainer, after being notified by Aikido, confirmed the breach on social media, stating he was \u201caware of being compromised, and starting to clean up the compromised packages.\u201d<\/p>\n<p>However, the damage was already significant. \u201cThe author appeared to have deleted most of the compromised package before losing access to his account. At the time of writing, the package simple-swizzle was still compromised,\u201d researchers reported, highlighting how attackers maintained persistence even after initial discovery.<\/p>\n<p>At 16:58 UTC on September 8, Aikido detected another compromised package, proto-tinker-wc@0.1.87, \u201ccompromised by what appeared to be the same attackers,\u201d confirming the coordinated campaign.<\/p>\n<h2 class=\"wp-block-heading\" id=\"financial-impact-surprisingly-limited\">Financial impact surprisingly limited<\/h2>\n<p>Despite affecting packages with 2 billion weekly downloads, the actual financial impact was surprisingly modest. 
\u201cWe were tracking approximately $970 in stolen funds to attacker-controlled wallets,\u201d Eriksen said, highlighting a significant disconnect between the attack\u2019s potential reach and its realized damage.<\/p>\n<p>This limited financial impact reflected both the attackers\u2019 operational carelessness and their targeted approach to cryptocurrency transactions, rather than broader data theft or system compromise.<\/p>\n<h2 class=\"wp-block-heading\" id=\"cryptocurrency-exchanges-identified-as-primary-targets\">Cryptocurrency exchanges identified as primary targets<\/h2>\n<p>The attack\u2019s browser API-level operation revealed critical blind spots in enterprise security monitoring, particularly for organizations handling cryptocurrency transactions. \u201cThe biggest risk so far would be for crypto exchanges, if they were compromised,\u201d Eriksen said. \u201cThe malware was designed to be run on trading\/exchange portals, intercepting whenever a user would attempt to make a crypto transfer.\u201d<\/p>\n<p>This targeting strategy reflected the attackers\u2019 specific focus on financial gain rather than broader system compromise. \u201cThis browser API-level operation completely bypassed traditional file-based detection,\u201d Eriksen explained. 
\u201cCurrent enterprise security tools were largely blind to this type of pre-deployment compromise \u2013 organizations needed fundamentally different monitoring approaches that scan dependencies before code even entered their environment.\u201d<\/p>\n<p>The malware operated as what Aikido described as \u201cessentially a browser-based interceptor that hijacked both network traffic and application APIs.\u201d The technical implementation demonstrated understanding of web3 applications, with complex logic designed to identify and replace cryptocurrency addresses across multiple blockchain networks, recognizing address formats for Ethereum, Bitcoin, Solana, Tron, Litecoin, and Bitcoin Cash.<\/p>\n<p>Despite the massive potential for damage, the enterprise community \u201cgot lucky this time that the attackers were very specific in their goals, and didn\u2019t do more damage,\u201d Eriksen said.<\/p>\n<h2 class=\"wp-block-heading\" id=\"expert-calls-for-systematic-npm-security-reforms\">Expert calls for systematic npm security reforms<\/h2>\n<p>The attack highlighted fundamental vulnerabilities in the npm ecosystem\u2019s trust model. \u201cThese recent attacks highlighted the need for better attestation and provenance,\u201d Eriksen said. \u201cThe fact that a simple phishing email was enough to compromise SUCH important packages, reaching such a significant portion of the JavaScript developer community, was problematic.\u201d<\/p>\n<p>Eriksen advocated for systematic changes to prevent similar compromises. \u201cPopular packages should only be publishable through signed GitHub Actions workflows that require pull request approvals,\u201d he added. \u201cIt was about creating a verifiable chain of custody from code commit to package publication.\u201d<\/p>\n<p>Such reforms would address the core vulnerability that enabled this attack \u2013 the ability for a single compromised maintainer account to push malicious updates to widely used packages. 
\u201cUsing tools to protect against supply chain attacks in the open-source ecosystem was becoming increasingly important,\u201d Eriksen said.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A massive supply chain attack compromised 18 highly popular npm packages, which collectively received two billion weekly downloads, deploying sophisticated browser-based malware designed to steal cryptocurrency and web3 transactions from unsuspecting developers and end-users, and silently redirecting funds to attacker-controlled accounts, according to security firm Aikido. The attack began on September 8, when Aikido\u2019s threat intelligence systems detected malicious code being pushed to npm packages,&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14758\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14758","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14758","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14758"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14758\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14758"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14758"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14758"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}