| Developers: | NPM |
| Last Release Date: | 2023/02/26 |
| Technology: | Application Development Tools |
2025: Malicious Package Detection
In October 2025, Kaspersky Lab specialists discovered a malicious package named https-proxy-utils in the npm open source repository. It is disguised as a legitimate tool for using proxies in projects and installs the AdaptixC2 framework, an open source analogue of the well-known Cobalt Strike, on compromised developer devices. As of October 2025, the malicious package has been removed. Kaspersky Lab announced this on October 17, 2025.
AdaptixC2. This is an open architecture framework that appeared in 2024 and was originally created for use in Red Team operations. Like Cobalt Strike, it can be exploited for malicious purposes and has already been seen in real incidents.
How it spreads. The package name resembles the names of the popular legitimate packages http-proxy-agent and https-proxy-agent, which have approximately 70 and 90 million downloads per week, respectively. Inside is a post-installation script that downloads and runs AdaptixC2. This allows attackers to gain remote access to the infected device, manage files and processes, and gain a foothold in the system in order to analyze the network and deploy subsequent stages of the attack.
Adaptation for the victim's operating system. Attackers change the way AdaptixC2 is loaded depending on which operating system the device runs: Windows, Linux or macOS. For example, on Windows computers they download AdaptixC2 as a DLL file into the C:\Windows\Tasks system directory and run it using the DLL sideloading technique. This is a type of attack in which a malicious DLL (Dynamic-Link Library) is distributed along with a legitimate application that executes it.
"The AdaptixC2 incident demonstrates a growing trend of using open source software repositories as an attack vector. Users and organizations that develop or use open source software from ecosystems such as npm in their products are subject to similar threats," said Vladimir Gursky, a threat researcher at Kaspersky Lab. "We also see that attackers are taking note of increasingly complex methods to hide known tools. In the described campaign, they used the DLL sideloading technique, which is becoming more popular and is seen in incidents both in Russia and in other countries. For example, the dangerous stealer Lumma is distributed with its help. This technique is quite difficult to detect without the use of modern security tools and AI technologies."
To strengthen the protection of companies from cyber attacks involving library substitution (DLL Hijacking), Kaspersky Lab has implemented functionality in its SIEM system, Kaspersky Unified Monitoring and Analysis Platform, that continuously analyzes information about all loaded libraries. It is built on a machine learning model that is able to distinguish events resembling DLL Hijacking from all other library-load events.
To counter such a threat, Kaspersky Lab recommends:
- use a dedicated solution for monitoring open source components;
- check the reliability of the package developer: pay attention to the presence of a consistent version history, documentation and an active issue tracker;
- be vigilant when installing open source modules: verify the exact name of the downloaded package, and check unpopular and new repositories more carefully;
- monitor the cyber threat landscape: subscribe to bulletins from developers of open source packages;
- use the capabilities of AI to detect cyber attacks involving library substitution (DLL Hijacking);
- to protect personal and corporate devices, use reliable security solutions whose effectiveness is confirmed by independent tests.
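As an added example (not code from the page, from Kaspersky Lab or from npm), the following Node.js script applies the name-verification and package-vetting recommendations above: it flags dependency names that resemble popular packages (such as https-proxy-utils next to https-proxy-agent) and dependencies whose manifest declares an npm install-time lifecycle script, the mechanism the 2025 package used. The package names, manifests and the popular-package list are constructed sample data, and the lookalike rules are heuristics of my own.

```javascript
// Added example (not from the page or Kaspersky Lab): audit a dependency list for
// lookalike names and install-time lifecycle scripts. All names and manifests
// below are constructed sample data, not real registry contents.
const LIFECYCLE = ["preinstall", "install", "postinstall"];
// Classic Levenshtein edit distance between two strings.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
    }
  }
  return d[a.length][b.length];
}
// Heuristic: a name that is not itself popular but sits within two edits of a
// popular name, or shares all hyphen-separated segments of a popular name except
// the last one (https-proxy-utils next to https-proxy-agent), is a lookalike.
function lookalikeOf(name, popular) {
  if (popular.includes(name)) return null;
  for (const p of popular) {
    if (editDistance(name, p) <= 2) return p;
    const a = name.split("-"), b = p.split("-");
    if (a.length > 1 && a.length === b.length &&
        a.slice(0, -1).join("-") === b.slice(0, -1).join("-")) return p;
  }
  return null;
}
// depManifests maps each dependency name to its own package.json, fetched from
// the registry before anything is installed; lifecycle hooks run at install time.
function auditDependencies(deps, popular, depManifests) {
  const findings = [];
  for (const name of Object.keys(deps)) {
    const twin = lookalikeOf(name, popular);
    if (twin) findings.push({ name, issue: `name resembles popular package ${twin}` });
    const scripts = (depManifests[name] && depManifests[name].scripts) || {};
    for (const hook of LIFECYCLE) {
      if (scripts[hook]) findings.push({ name, issue: `declares ${hook} script: ${scripts[hook]}` });
    }
  }
  return findings;
}
// Constructed sample input: one genuine dependency and two suspicious ones.
const sampleDeps = { "https-proxy-agent": "^7.0.0", "https-proxy-utils": "^1.0.0", markedjs: "^4.0.0" };
const popularPackages = ["https-proxy-agent", "http-proxy-agent", "marked", "colors", "crypto-js"];
const sampleManifests = { "https-proxy-agent": { scripts: { test: "mocha" } },
  "https-proxy-utils": { scripts: { postinstall: "node setup.js" } }, markedjs: { scripts: {} } };
console.log(auditDependencies(sampleDeps, popularPackages, sampleManifests));
```

Both rules are deliberately coarse and will produce false positives for legitimately similar names, so treat hits as items for manual review rather than verdicts.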
2023: Identifying 15,000 phishing and spam packages
On February 26, 2023, it became known that an attack on npm registry users had been recorded: on February 20, 2023, more than 15 thousand packages were published in the npm repository whose README files contained links to phishing sites or referral links that pay a commission per visit. During the analysis, 190 unique phishing or advertising links covering 31 domains were identified in the packages.
As reported, the package names were chosen to attract the interest of ordinary users, for example "free-tiktok-followers", "free-xbox-codes", "instagram-followers-free", etc. The aim was to fill the list of recent updates on the npm main page with spam packages. The package descriptions included links promising free giveaways, gifts and game cheats, as well as free services for boosting followers and likes on social networks such as TikTok and Instagram. This is not the first such attack: in December, the publication of 144 thousand spam packages was recorded in the NuGet, npm and PyPI repositories.
The contents of the packages were generated automatically by a Python script which, apparently through oversight, was left inside the packages and included working credentials for the accounts used during the attack. The packages were published under many different accounts using methods that complicate tracing and the prompt identification of problem packages.
In addition to fraudulent actions in the NPM and PyPi repositories, several attempts to publish malicious packages have also been identified:
- In the PyPI repository, 451 malicious packages were found that masqueraded as popular libraries using typosquatting (assigning similar names that differ in individual characters, for example vper instead of vyper, bitcoinnlib instead of bitcoinlib, ccryptofeed instead of cryptofeed, ccxt instead of ccxt, cryptocommpare instead of cryptocompare, selium instead of selenium, aller, pinster, etc.). The packages included obfuscated code for stealing cryptocurrency, which detected crypto wallet identifiers in the clipboard and replaced them with the attacker's wallet (the assumption being that, when making a payment, the victim will not notice that the wallet number pasted from the clipboard is different). The substitution was carried out by a browser extension that ran in the context of every web page viewed.
- A series of malicious HTTP libraries was detected in the PyPI repository. Malicious activity was found in 41 packages whose names were chosen using typosquatting methods and resembled popular libraries (aio5, requestst, ulrlib, urllb, libhttps, piphttps, httpxv2, etc.). The contents were styled as working HTTP libraries or copied the code of existing libraries, and the description made claims about advantages over and comparisons with legitimate HTTP libraries. The malicious activity amounted either to downloading malware onto the system or to collecting and sending confidential data.
- npm revealed 16 JavaScript packages (speedte, trova, lagra) which, in addition to the declared functionality (bandwidth testing), also contained code for mining cryptocurrency without the user's knowledge.
- npm identified 691 malicious packages. Most of the problem packages pretended to be Yandex projects (yandex-logger-sentry, yandex-logger-qloud, yandex-sendsms, etc.) and included code for sending confidential information to external servers. It is assumed that the published packages were attempting to get substituted for Yandex's own internal dependencies when building its projects (dependency confusion, the method of replacing internal dependencies). In the PyPI repository, the same researchers found 49 packages (reqsystem, httpxfaster, aio6, gorilla2, httpsos, pohttp, etc.) with obfuscated malicious code that downloaded and launched an executable file from an external server[1].
2022
Distribution of phishing packages through the repository
On December 15, 2022, it was reported that a campaign to distribute phishing packages had been discovered by analysts from Checkmarx and Illustria, who worked together to investigate the incident. According to the experts, the packages were uploaded from accounts that followed a particular naming scheme, had similar descriptions, and led to the same cluster of 90 domains, on which more than 65,000 phishing pages were hosted.
Malicious packages in the repository
On February 24, 2022, it became known that 25 malicious JavaScript libraries stealing Discord tokens and environment variables had been found in the official npm repository. The libraries use so-called typosquatting: their names are very similar to the names of legitimate libraries, with a slight difference. In particular, they disguise themselves as colors.js, crypto-js, discord.js, marked and noblox.js, according to JFrog.
Attackers use stolen Discord tokens to gain unauthorized access to accounts without needing a password. Through accounts hijacked in this way, they distribute malicious links. Environment variables, stored as key-value pairs, hold information related to the programming environment on the developer's computer, including API access tokens, authorization keys, API URLs and account names.
List of malicious libraries:
- node-colors-sync (steals Discord tokens);
- color-self (steals Discord tokens);
- color-self-2 (steals Discord tokens);
- wafer-text (steals environment variables);
- wafer-countdown (steals environment variables);
- wafer-template (steals environment variables);
- wafer-darla (steals environment variables);
- lemaaa (steals Discord tokens);
- adv-discord-utility (steals Discord tokens);
- tools-for-discord (steals Discord tokens);
- mynewpkg (steals environment variables);
- purple-bitch (steals Discord tokens);
- purple-bitchs (steals Discord tokens);
- noblox.js-addons (steals Discord tokens);
- kakakaakaaa11aa (reverse shell);
- markedjs (tool for remote execution of Python code);
- crypto-standarts (tool for remote execution of Python code);
- discord-selfbot-tools (steals Discord tokens);
- discord.js-aployscript-v11 (steals Discord tokens);
- discord.js-selfbot-aployscript (steals Discord tokens);
- discord.js-selfbot-aployed (steals Discord tokens);
- discord.js-discord-selfbot-v4 (steals Discord tokens);
- colors-beta (steals Discord tokens);
- vera.js (steals Discord tokens);
- discord-protection (steals Discord tokens).
Two malicious packages, markedjs and crypto-standarts, differ from the rest in that their functionality fully corresponds to the legitimate versions of the marked and crypto-js libraries, but they can also inject additional malicious Python code[2].