Malicious NPM

4 packages analysed — write-ups on malicious NPM packages discovered in the wild

npm-2026-002 critical

chalk-logger-prettier

chalk-logger-prettier — SSH Backdoor, Filesystem Crawler & Telegram Session Theft

Malicious npm package masquerading as a CLI logging utility. The description — "Pretty colorized changelog-style logger with timestamps and level icons" — is entirely fabricated; the package contains no logging functionality. On import, it immediately executes a multi-stage payload without any function call required by the consumer: it appends a hardcoded attacker SSH public key to ~/.ssh/authorized_keys, crawls the filesystem across Linux, Windows, and macOS for .env files, crypto-keyword JSON files, and documents, exfiltrates them in batches to a Vercel-hosted C2, and steals the Telegram Desktop tdata folder. Three versions were published across 12–14 March 2026. The package is published by the same npm account (bababa / bilalkilnaz.54@gmail.com) responsible for tracing-str (npm-2026-001), confirming a shared threat actor operating multiple malicious packages simultaneously. Notably, the package declares zero runtime dependencies despite making HTTP requests — dependencies are bundled into the compiled output to avoid appearing in dependency scanners.

#npm #malware #backdoor #ssh-persistence
Unknown — linked to npm-2026-001 (tracing-str) via shared publisher account
npm-2026-001 critical

tracing-str

tracing-str — SSH Backdoor & Environment Variable Stealer

Malicious npm package masquerading as an ethers.js utility. On import, it fetches an attacker-controlled SSH public key and appends it to the victim's ~/.ssh/authorized_keys, establishing persistent passwordless SSH access. It also harvests all environment variables — including secrets from the parent directory's .env file — and exfiltrates them to a Vercel-hosted C2. The C2 URL is base64-encoded to evade naive string scanning. Six versions were published across two days (9–10 March 2026), suggesting rapid iteration or version-bumping to avoid detection.

#npm #malware #backdoor #ssh-persistence
Unknown
npm-graphql-001 high

graphql-request-dom

graphql-request-dom — Info Stealer & RAT

Malicious package masquerading as a GraphQL library. On install it spawns four hidden modules: a reverse shell via socket.io, a browser credential stealer, a recursive file scanner, and a clipboard monitor. Stolen data and files are exfiltrated to a Hetzner-hosted C2 at 188[.]40[.]64[.]61 across three separate ports. At this time, the package appears to have no downloads.

#npm #malware #info-stealer #RAT
Unknown