Source: go.theregister.com – Author: Tim Anderson
The popular npm package “is” was infected with cross-platform malware, around the same time that linting utility packages used with the prettier code formatter were infected with Windows-only malware.
This was likely caused by a phishing attack using a typosquatted clone of the official npm site.
The “is” package is used for JavaScript type testing and is downloaded around 2.7 million times a week. Version 3.3.1 includes an obfuscated JavaScript malware loader, as reported by the team at Socket, which provides a security platform for developers.
The malware captures data including all environment variables (often a source of secrets such as credentials), exfiltrates them over a WebSocket connection, and gives the attacker an interactive remote shell. It runs on Node.js on macOS, Linux and Windows and, where it can, persists by overwriting an index.js file, so that even deleting the node_modules directory, which stores downloaded packages, will not remove it.
Maintainer Jordan Harband reported the problem last weekend, stating that it was “due to another maintainer’s account being hijacked.” According to a thread on Bluesky, Harband himself was deceived by an email from a former package owner who had been removed and asked to be re-added.
“Everything seemed normal, so I obliged (irritated that npm would remove an owner without notifying the other owners) and the next morning this was published,” he said.
Socket also found malicious releases of the got-fetch package following another maintainer account compromise.
The incident coincides with the compromise of another set of packages related to (but not including) the prettier code formatter, including eslint-config-prettier and eslint-plugin-prettier. Maintainer Joun Qin received an email apparently from npm asking for email verification. The email linked to npnjs – note npn and not npm – which was a clone site designed to grab credentials.
“I was tricked by a phishing email and a new npm token was added and leaked then some popular packages I’m maintaining were released with malicious software,” Qin said on X.
The infected packages included a Windows DLL (dynamic-link library) that attacks the Chrome browser and steals configuration files, according to an analysis by cybersecurity company InvokeRE.
Qin did check the sender address of the phishing email. It used the npmjs.org domain, which npm owns but does not normally use for email; the domain therefore had no DMARC (Domain-based Message Authentication, Reporting and Conformance) policy that receiving mail servers could use to reject a spoofed sender. Genuine npm emails come from the npmjs.com domain.
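As an added example (not code from the article, from Socket or from npm), here is a Node.js check that walks a package-lock.json and flags the compromised is@3.3.1 release wherever it sits in the dependency tree, including nested copies that a top-level `npm ls` summary can hide. The lockfile and the KNOWN_BAD table are constructed for the demonstration; the got-fetch and prettier-related packages are left as placeholders because the article does not give their affected versions.

```javascript
// Added example: scan an npm lockfile for (name, version) pairs known to have
// shipped malware. The only pair the article names is is@3.3.1; fill in the
// rest from a vendor advisory before relying on this in an incident response.
const KNOWN_BAD = new Map([
  ["is", new Set(["3.3.1"])], // compromised release reported by Socket
  // ["got-fetch", new Set(["<version from advisory>"])],          // placeholder
  // ["eslint-config-prettier", new Set(["<version from advisory>"])], // placeholder
]);

// package-lock.json (lockfileVersion 2 or 3) lists every installed package
// under "packages", keyed by its path below node_modules. A nested copy shows
// up as "node_modules/a/node_modules/is", so the package name (scoped names
// included, e.g. "@scope/pkg") is whatever follows the last "node_modules/".
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns one record per installed copy whose exact version is on the list.
function findCompromised(lockfile) {
  const hits = [];
  for (const [lockPath, entry] of Object.entries(lockfile.packages || {})) {
    const name = packageNameFromPath(lockPath);
    if (!name) continue; // the "" key is the root project itself
    const badVersions = KNOWN_BAD.get(name);
    if (badVersions && badVersions.has(entry.version)) {
      hits.push({ path: lockPath, name, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: a clean top-level "is" plus a compromised copy
// pulled in transitively by another dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/is": { version: "3.3.0" },
    "node_modules/some-lib": { version: "2.0.0", dependencies: { is: "3.3.1" } },
    "node_modules/some-lib/node_modules/is": { version: "3.3.1" },
  },
};

for (const hit of findCompromised(SAMPLE_LOCK)) {
  console.log(`compromised: ${hit.name}@${hit.version} at ${hit.path}`);
}
```

A real run would `JSON.parse` the project's own package-lock.json instead of SAMPLE_LOCK; a hit means the install should be treated as compromised, not merely upgraded.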
Npm packages are a valuable target for attackers. Developer machines are often a source of valuable credentials, packages are automatically downloaded as dependencies, and there is potential for further infection of deployed applications. The combination of compromised packages and agentic AI, which might download packages without human oversight, could be a perfect storm of automated malware distribution.
Harband also said on X that a new initiative from Google called OSS Rebuild is “the actual solution for the thing that provenance will always fail to achieve.” Google’s project rebuilds a package from source and compares the result with the version published in the registry; it supports npm, PyPI and crates.io, and therefore covers Node.js, Python and Rust.
“Most packages obtain protection effortlessly without user or maintainer intervention,” said the Google Open Source Security Team.
Whether it is OSS Rebuild or something else, the latest npm incident shows that blindly downloading packages, even from the standard official registries, is a significant risk.
Original Post URL: https://go.theregister.com/feed/www.theregister.com/2025/07/24/not_pretty_not_windowsonly_npm/