{"id":6752,"date":"2025-09-09T03:03:38","date_gmt":"2025-09-09T03:03:38","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2025\/09\/09\/18-popular-code-packages-hacked-rigged-to-steal-crypto\/"},"modified":"2025-09-09T03:03:38","modified_gmt":"2025-09-09T03:03:38","slug":"18-popular-code-packages-hacked-rigged-to-steal-crypto","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2025\/09\/09\/18-popular-code-packages-hacked-rigged-to-steal-crypto\/","title":{"rendered":"18 Popular Code Packages Hacked, Rigged to Steal Crypto"},"content":{"rendered":"<p>18 Popular Code Packages Hacked, Rigged to Steal Crypto<\/p>\n<div>\n<p>At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. 
But experts warn that a similar attack with a slightly more nefarious payload could lead to a disruptive malware outbreak that is far more difficult to detect and restrain.<\/p>\n<div id=\"attachment_72130\" style=\"width: 760px\" class=\"wp-caption aligncenter\">\n<img data-recalc-dims=\"1\" loading=\"lazy\" aria-describedby=\"caption-attachment-72130\" decoding=\"async\" class=\" wp-image-72130\" src=\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/09\/npmjshelp.png?resize=750%2C567&#038;ssl=1\" alt=\"\" width=\"750\" height=\"567\" srcset=\"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2025\/09\/npmjshelp.png 908w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2025\/09\/npmjshelp-768x580.png 768w, https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2025\/09\/npmjshelp-782x591.png 782w\" sizes=\"(max-width: 750px) 100vw, 750px\"><\/p>\n<p id=\"caption-attachment-72130\" class=\"wp-caption-text\">This phishing email lured a developer into logging in at a fake NPM website and supplying a one-time token for two-factor authentication. The phishers then used that developer\u2019s NPM account to add malicious code to at least 18 popular JavaScript code packages.<\/p>\n<\/div>\n<p><strong>Aikido<\/strong> is a security firm in Belgium that monitors new code updates to major open-source code repositories, scanning any code updates for suspicious and malicious code. 
In a blog post published today, Aikido said its systems found malicious code had been added to at least 18 widely-used code libraries available on <a href=\"https:\/\/www.npmjs.com\/\" target=\"_blank\" rel=\"noopener\"><strong>NPM<\/strong><\/a> (short for \u201cNode Package Manager\u201d), which acts as a central hub for JavaScript development and the latest updates to widely-used JavaScript components.<\/p>\n<p>JavaScript is a powerful web-based scripting language used by countless websites to build a more interactive experience with users, such as entering data into a form. But there\u2019s no need for each website developer to build a program from scratch for entering data into a form when they can just reuse already existing packages of code at NPM that are specifically designed for that purpose.<\/p>\n<p>Unfortunately, if cybercriminals manage to phish NPM credentials from developers, they can introduce malicious code that allows attackers to fundamentally control what people see in their web browser when they visit a website that uses one of the affected code libraries.<\/p>\n<p>According to Aikido, the attackers injected a piece of code that silently intercepts cryptocurrency activity in the browser, \u201cmanipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user.\u201d<\/p>\n<p>\u201cThis malware is essentially a browser-based interceptor that hijacks both network traffic and application APIs,\u201d Aikido researcher <strong>Charlie Eriksen<\/strong> <a href=\"https:\/\/www.aikido.dev\/blog\/npm-debug-and-chalk-packages-compromised\" target=\"_blank\" rel=\"noopener\">wrote<\/a>. \u201cWhat makes it dangerous is that it operates at multiple layers: Altering content shown on websites, tampering with API calls, and manipulating what users\u2019 apps believe they are signing. 
Even if the interface looks correct, the underlying transaction can be redirected in the background.\u201d<\/p>\n<p>Aikido said it used the social network Bsky to notify the affected developer, <strong>Josh Junon<\/strong>, who quickly replied that he was aware of having just been phished. The phishing email that Junon fell for was part of a larger campaign that spoofed NPM and told recipients they were required to update their two-factor authentication (2FA) credentials. The phishing site mimicked NPM\u2019s login page, and intercepted Junon\u2019s credentials and 2FA token. Once logged in, the phishers then changed the email address on file for Junon\u2019s NPM account, temporarily locking him out.<\/p>\n<div id=\"attachment_72126\" style=\"width: 776px\" class=\"wp-caption aligncenter\">\n<img data-recalc-dims=\"1\" aria-describedby=\"caption-attachment-72126\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-72126\" src=\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/09\/junon-bsky.png?resize=766%2C418&#038;ssl=1\" alt=\"\" width=\"766\" height=\"418\"><\/p>\n<p id=\"caption-attachment-72126\" class=\"wp-caption-text\">Aikido notified the maintainer on Bluesky, who replied at 15:15 UTC that he was aware of being compromised, and starting to clean up the compromised packages.<\/p>\n<\/div>\n<p>Junon also issued a mea culpa <a href=\"https:\/\/news.ycombinator.com\/item?id=45169794\" target=\"_blank\" rel=\"noopener\">on HackerNews<\/a>, telling the community\u2019s coder-heavy readership, \u201cHi, yep I got pwned.\u201d<\/p>\n<p>\u201cIt looks and feels a bit like a targeted attack,\u201d Junon wrote. 
\u201cSorry everyone, very embarrassing.\u201d<span id=\"more-72122\"><\/span><\/p>\n<p><strong>Philippe Caturegli<\/strong>, \u201cchief hacking officer\u201d at the security consultancy <a href=\"https:\/\/seralys.com\/\" target=\"_blank\" rel=\"noopener\">Seralys<\/a>, observed that the attackers appear to have registered their spoofed website \u2014 npmjs[.]help \u2014 just two days before sending the phishing email. The spoofed website used services from dnsexit[.]com, a \u201cdynamic DNS\u201d company that also offers \u201c100% free\u201d domain names that can instantly be pointed at any IP address controlled by the user.<\/p>\n<div id=\"attachment_72128\" style=\"width: 700px\" class=\"wp-caption aligncenter\">\n<img data-recalc-dims=\"1\" aria-describedby=\"caption-attachment-72128\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-72128\" src=\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/09\/junon-hn.png?resize=690%2C881&#038;ssl=1\" alt=\"\" width=\"690\" height=\"881\"><\/p>\n<p id=\"caption-attachment-72128\" class=\"wp-caption-text\">Junon\u2019s mea culpa on Hackernews today listed the affected packages.<\/p>\n<\/div>\n<p>Caturegli said it\u2019s remarkable that the attackers in this case were not more ambitious or malicious with their code modifications.<\/p>\n<p>\u201cThe crazy part is they compromised billions of websites and apps just to target a couple of cryptocurrency things,\u201d he said. \u201cThis was a supply chain attack, and it could easily have been something much worse than crypto harvesting.\u201d<\/p>\n<p>Aikido\u2019s Eriksen agreed, saying countless websites dodged a bullet because this incident was handled in a matter of hours. 
As an example of how these supply-chain attacks can escalate quickly, Eriksen pointed to <a href=\"https:\/\/www.aikido.dev\/blog\/popular-nx-packages-compromised-on-npm\" target=\"_blank\" rel=\"noopener\">another compromise of an NPM developer in late August<\/a> that added malware to \u201c<strong>nx<\/strong>,\u201d an open-source code development toolkit with as many as six million weekly downloads.<\/p>\n<p>In the nx compromise, the attackers introduced code that scoured the user\u2019s device for authentication tokens from programmer destinations like GitHub and NPM, as well as SSH and API keys. But instead of sending those stolen credentials to a central server controlled by the attackers, the malicious code created a new public repository in the victim\u2019s GitHub account, and published the stolen data there for all the world to see and download.<\/p>\n<p>Eriksen said coding platforms like GitHub and NPM should be doing more to ensure that any new code commits for broadly-used packages require a higher level of attestation that confirms the code in question was in fact submitted by the person who owns the account, and not just by that person\u2019s account.<\/p>\n<p>\u201cMore popular packages should require attestation that it came through trusted provenance and not just randomly from some location on the Internet,\u201d Eriksen said. \u201cWhere does the package get uploaded from, by GitHub in response to a new pull request into the main branch, or somewhere else? In this case, they didn\u2019t compromise the target\u2019s GitHub account. They didn\u2019t touch that. 
They just uploaded a modified version that didn\u2019t come where it\u2019s expected to come from.\u201d<\/p>\n<p>Eriksen said code repository compromises can be devastating for developers, many of whom end up abandoning their projects entirely after such an incident.<\/p>\n<p>\u201cIt\u2019s unfortunate because one thing we\u2019ve seen is people have their projects get compromised and they say, \u2018You know what, I don\u2019t have the energy for this and I\u2019m just going to deprecate the whole package,&#8217;\u201d Eriksen said.<\/p>\n<p><strong>Kevin Beaumont<\/strong>, a frequently quoted security expert who writes about security incidents at the blog doublepulsar.com, has been following this story closely today in frequent updates to <a href=\"https:\/\/infosec.exchange\/@GossiTheDog@cyberplace.social\" target=\"_blank\" rel=\"noopener\">his account on Mastodon<\/a>. Beaumont said the incident is a reminder that much of the planet still depends on code that is ultimately maintained by an exceedingly small number of people who are mostly overburdened and under-resourced.<\/p>\n<p>\u201cFor about the past 15 years every business has been developing apps by pulling in 178 interconnected libraries written by 24 people in a shed in Skegness,\u201d Beaumont wrote on Mastodon. \u201cFor about the past 2 years orgs have been buying AI vibe coding tools, where some exec screams \u2018make online shop\u2019 into a computer and 389 libraries are added and an app is farted out. 
The output = if you want to own the world\u2019s companies, just phish one guy in Skegness.\u201d<\/p>\n<div id=\"attachment_72131\" style=\"width: 708px\" class=\"wp-caption aligncenter\">\n<img data-recalc-dims=\"1\" aria-describedby=\"caption-attachment-72131\" decoding=\"async\" loading=\"lazy\" class=\"size-full wp-image-72131\" src=\"https:\/\/i0.wp.com\/krebsonsecurity.com\/wp-content\/uploads\/2025\/09\/gossi-skegness.png?resize=698%2C461&#038;ssl=1\" alt=\"\" width=\"698\" height=\"461\"><\/p>\n<p id=\"caption-attachment-72131\" class=\"wp-caption-text\">Image: https:\/\/infosec.exchange\/@GossiTheDog@cyberplace.social.<\/p>\n<\/div>\n<p>Aikido recently launched a product that aims to help development teams ensure that every code library used is checked for malware before it can be used or installed. <strong>Nicholas Weaver<\/strong>, a researcher with the International Computer Science Institute, a nonprofit in Berkeley, Calif., said Aikido\u2019s new offering exists because many organizations are still one successful phishing attack away from a supply-chain nightmare.<\/p>\n<p>Weaver said these types of supply-chain compromises will continue as long as people responsible for maintaining widely-used code continue to rely on phishable forms of 2FA.<\/p>\n<p>\u201cNPM should only support phish-proof authentication,\u201d Weaver said, referring to <a href=\"https:\/\/krebsonsecurity.com\/2018\/07\/google-security-keys-neutralized-employee-phishing\/\" target=\"_blank\" rel=\"noopener\">physical security keys<\/a> that are phish-proof \u2014 meaning that even if phishers manage to steal your username and password, they still can\u2019t log in to your account without also possessing that physical key.<\/p>\n<p>\u201cAll critical infrastructure needs to use phish-proof 2FA, and given the dependencies in modern software, archives such as NPM are absolutely critical infrastructure,\u201d Weaver said. 
\u201cThat NPM does not require that all contributor accounts use security keys or similar 2FA methods should be considered negligence.\u201d<\/p>\n<\/div>\n<p>BrianKrebs<br \/>\n<a href=\"https:\/\/krebsonsecurity.com\/2025\/09\/18-popular-code-packages-hacked-rigged-to-steal-crypto\/\">Go to krebsonsecurity<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>18 Popular Code Packages Hacked, Rigged to Steal Crypto At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[188,1807,1808,189,112,1809,1810,55,206,1459,1811,622,623,207],"tags":[72],"class_list":["post-6752","post","type-post","status-publish","format-standard","hentry","category-a-little-sunshine","category-aikido","category-charlie-eriksen","category-data-breaches","category-javascript","category-josh-junon","category-kevin-beaumont","category-krebsonsecurity","category-latest-warnings","category-nicholas-weaver","category-npm","category-philippe-caturegli","category-seralys","category-the-coming-storm","tag-krebsonsecurity"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6752"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/inde
x.php\/wp-json\/wp\/v2\/comments?post=6752"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/6752\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=6752"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=6752"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=6752"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}