npm

According to SlowMist monitoring, a new type of Rust supply chain malware activity named IronWorm is attacking developer environments and the Web3 ecosystem through malicious npm packages. Potential attack behaviors include credential theft, wallet mnemonic and password theft, GitHub repository tampering, malicious package publishing, CI/CD secret leakage, Tor-based command control, and eBPF rootkit stealth.Security teams should audit the repository for backtracked commits, suspicious branches, unexpected build hooks, and commits from automated identities such as claude, dependabot, renovate, or github-actions. It is recommended to remove or deprecate affected package versions, publish clean versions, rotate all leaked keys and tokens, review GitHub Actions artifacts, and rebuild potentially compromised development or CI systems from clean images.

SlowMist has issued a security alert, detecting an active npm supply chain attack targeting @redhat-cloud-services related packages. Currently, over 31 packages have been confirmed affected, with a weekly download volume of approximately 116,000 times, and stolen credentials exist in more than 300 GitHub repositories. This attack method is highly similar to the previous "Shai-Hulud" npm attack, including credential theft, creation of malicious repositories, and automated secret leakage. New suspicious repositories continue to emerge, indicating that the attack is still ongoing, and developers are still being continuously infected.Potential harms include: theft of GitHub/npm tokens, leakage of AWS/GCP/Azure cloud credentials, collection of SSH keys and Kubernetes secrets, leakage of local environment and wallet data, creation of malicious repositories and persistence operations, and even potentially destructive actions after tokens are revoked. It is recommended to immediately remove or downgrade affected @redhat-cloud-services package versions, conduct a comprehensive audit of CI/CD workflows and dependency installations, rotate all GitHub, npm, cloud service, SSH, and wallet-related keys, retain logs, and rebuild exposed developer machines or Runners from clean images while maintaining a high level of vigilance.

According to Slow Fog's disclosure, the security agency MistEye detected a cross-registry supply chain attack incident, where attackers targeted developers in the fields of cryptocurrency, DeFi, Solana, Sui/Move, and AI by publishing malicious packages on npm, PyPI, and crates.io. This attack activity includes more than 34 malicious packages and over 384 related versions. The attackers may steal cryptocurrency wallets, SSH keys, cloud credentials, GitHub/AWS tokens, browser data, environment variables, and developers' confidential information.Some of the malicious payloads also attempted to achieve persistence through .cursorrules, CLAUDE.md, Git hooks, shell hooks, cron, systemd, and SSH. Developers are advised to immediately remove the affected packages, isolate the affected systems, retain logs, rotate exposed credentials, rebuild CI environments and developer machines from clean images, and review GitHub, cloud services, SSH, and wallet activity logs.

According to the blockchain security organization SlowMist (@SlowMist_Team), a highly complex npm worm named "Mini Shai-Hulud" is spreading through well-known developer projects such as TanStack, UiPath, and DraftLab, as monitored by their threat monitoring system MistEye. Attackers hijack GitHub credentials to publish malicious packages disguised as legitimate updates, embedding a hidden script router_init.js that runs silently in CI/CD environments like GitHub Actions, specifically designed to steal CI/CD keys, cloud infrastructure keys, and cryptocurrency wallet information, using GitHub's own infrastructure for data exfiltration.SlowMist has synchronized relevant threat intelligence (IOC) with clients and recommends that projects using the affected packages immediately check their CI/CD pipelines for the presence of the router_init.js file, rotate all exposed GitHub, cloud service, and cryptocurrency credentials, and continuously monitor for abnormal background activities in the development environment.

The attacker stole the npm access token of the chief maintainer of Axios, the most popular HTTP client library for JavaScript, and used that token to publish two malicious versions containing cross-platform remote access trojans (RATs) ([email protected] and [email protected]), targeting macOS, Windows, and Linux systems. The malicious packages were removed from the npm registry about 3 hours after being published.According to data from security company Wiz, Axios is downloaded over 100 million times weekly and exists in about 80% of cloud and code environments. Security company Huntress detected the first infections just 89 seconds after the malicious packages went live and confirmed that at least 135 systems were compromised during the exposure window. Notably, the Axios project had previously deployed modern security measures such as OIDC trusted publishing mechanisms and SLSA provenance proofs, but the attacker completely bypassed these defenses. Investigations revealed that while configuring OIDC, the project retained the traditional long-lived NPM_TOKEN, and npm defaults to using the traditional token when both coexist, allowing the attacker to publish without breaching OIDC.

Slow Fog has once again issued a security reminder stating to pay attention to checking for malicious versions of axios and the exposure risk of OpenClaw npm global installation history. [email protected] and [email protected] have been confirmed as malicious versions, both of which have injected the dependency [email protected], delivering cross-platform malicious payloads through the postinstall script.The impact of OpenClaw is assessed based on scenarios: source code builds are not affected, as the locked versions in the lock file are 1.13.5/1.13.6; however, users who installed via npm install -g [email protected] face historical exposure risks due to the presence of optionalDependencies.axios@^1.7.4 in the dependency chain, which may resolve to [email protected] during the time window when the malicious version is still online. Currently, npm has reverted the resolution to [email protected], but environments that were installed during the attack window are still advised to be checked. Slow Fog has provided inspection commands and IoC paths for various platforms; if the plain-crypto-js directory is found, even if the package.json has been cleaned, it should still be regarded as high-risk execution traces. It is recommended that affected hosts immediately rotate credentials and conduct host-side inspections. Previously, Slow Fog founder Yu Xian reminded that OpenClaw version 3.28 may introduce a toxic version of axios, and users need to urgently check.

According to market news, Socket has detected that version 1.14.1 of the npm core package axios is experiencing an active supply chain attack. The attacker injected a malicious dependency package to implant malicious code into axios. Developers using axios are advised to immediately pin the version and review the project's lock files.

According to Cryptopolitan, a new type of malware called GhostClaw is targeting cryptocurrency wallets on macOS devices.This malware disguised itself as a legitimate OpenClaw CLI tool and was present in the npm registry for a week before being removed after infecting 178 developers. Once developers run the "npm install" command, a hidden script globally installs the GhostClaw package and evades detection through obfuscated configuration files. GhostClaw scans the clipboard every three seconds, capturing private keys, seed phrases, public keys, and other cryptocurrency wallet and transaction-related data.After the second stage payload is downloaded, GhostLoader scans for cryptocurrency wallet data in the Chromium browser, macOS Keychain, and system storage, clones browser sessions to gain access to logged-in wallets, and steals API Tokens that connect to AI platforms such as OpenAI and Anthropic. The stolen data is sent to the attackers via Telegram, GoFile, and command servers.

According to 23pds, the Chief Information Security Officer of Slow Fog Technology, an intelligence system has discovered a malicious npm package named "@openclaw-ai/openclawai" that is implementing a multi-layer attack.This malicious package disguises itself as a legitimate command-line tool called OpenClaw Installer, aimed at stealing sensitive user information, including system credentials, cryptocurrency wallet private keys, browser data, SSH keys, and Apple Keychain database, among others.

According to GMGN data, the BAGS ecosystem Meme token NPM experienced a short-term sharp decline, with its market value dropping from a peak of $8.9 million to $800,000, a decline of over 80% in 1 hour, and a trading volume of $13.2 million within 5 hours of its launch.It is reported that the narrative of the NPM token pays tribute to Isaac Z. Schlueter, the founder of the world's largest package manager NPM, who is hailed as the "God of Programming."ChainCatcher reminds users that Meme coins generally have no practical use cases, and their price volatility is significant, so investment should be approached with caution.

The Chief Information Security Officer of Slow Fog Technology, 23pds, has issued a security alert regarding the latest variant of the NPM supply chain attack, "Shai-Hulud 3." All project teams and platforms are advised to take precautions. It was previously suspected that the leak of the Trust Wallet API key could have led to the Shai-Hulud 2 attack.Shai-Hulud is a series of self-propagating worm-like supply chain attacks targeting the NPM ecosystem, aimed at stealing developer credentials, cloud keys, and environment secrets. The latest variant (referred to by the community as Shai-Hulud 3 or new strain) was discovered on December 28, 2025, by Aikido Security researcher Charlie Eriksen. The current spread is limited and may only be in the testing phase.

Chief Information Security Officer of Slow Fog Technology 23pds issued a security alert, the latest variant of the NPM supply chain attack "Shai-Hulud 3" is once again on the rise. All project parties and platforms are advised to take precautions. It was previously suspected that the leak of the Trust Wallet API key might have led to the Shai-Hulud 2 attack.

ChainCatcher message, Scam Sniffer has detected another attack on the NPM supply chain. The package @ctrl/tinycolor (with 2.2 million downloads per week) has released a malicious version that runs an information-stealing program during the npm postinstall script execution to scan and steal sensitive data.This malicious payload abused the legitimate sensitive information scanning tool TruffleHog. Please check if you have downloaded the affected version, pause any installation/update operations, and pin the version to a known safe version.

ChainCatcher news, DuckDB's official Twitter account stated that the DuckDB Node.js and Wasm packages were compromised with malware in a recent npm supply chain attack. The official team has investigated and deprecated the affected versions, while releasing new versions. DuckDB stated that, according to npm data, no users have downloaded the affected packages. The team has released a security announcement detailing the post-analysis and response measures.

ChainCatcher message, Slow Mist Technology's Chief Information Security Officer 23 pds posted on X platform that the DuckDB NPM account was compromised, and malicious versions such as duckdb, duckdb-wasm, etc. were released. These malware are consistent with wallet-stealing malware seen in supply chain attacks. Please be aware of risk prevention.

ChainCatcher news, according to CertiK Alert monitoring, the NPM account of developer Qix has been phished, with attackers injecting malicious code into npm. According to Security Alliance, the attackers seem to have profited only about 0.05 dollars worth of ETH and 20 dollars worth of Meme coins.Earlier reports indicated that Ledger's Chief Technology Officer Charles Guillemet stated, "A large-scale supply chain attack is currently underway: the NPM account of a well-known developer has been compromised. The affected package has been downloaded over 1 billion times, which means the entire JavaScript ecosystem may be at risk. The malicious code works by silently altering cryptocurrency addresses in the background to steal funds."

ChainCatcher message, according to market news, well-known developer qix has had npm packages injected with malicious code due to a phishing attack, with related packages including chalk, strip-ansi, color-convert, etc.The attack method involves hooking wallet functions, tampering with ETH/SOL transaction receiving addresses, and replacing addresses in network responses. User advice: be sure to verify the recipient and amount in the wallet interface, check for address changes after pasting, review recent transactions, and prioritize using hardware wallets for high-value operations.

ChainCatcher message, the Socket Security Research Team has discovered four malicious npm packages that target Binance Smart Chain (BSC) and Ethereum users' wallets. These packages are pancake_uniswap_validators_utils_snipe (350 downloads), pancakeswap-oracle-prediction (445 downloads), ethereum-smart-contract (305 downloads), and env-process (1,054 downloads), with a total download count exceeding 2,100.The attackers use obfuscated JavaScript code to calculate the percentage of the target wallet balance and attempt to transfer up to 85% of the assets to a wallet address under their control.

ChainCatcher message, according to monitoring by the crypto security research organization Aikido Security, the official XRPL NPM package has been found to have a security vulnerability. This backdoor program steals user private keys and sends them to the attacker. The affected versions are 4.2.1 to 4.2.4, and Aikido Security recommends that users on earlier versions refrain from upgrading.