An active campaign named ‘PhantomRaven’ is currently targeting developers with dozens of malicious npm packages designed to steal authentication tokens, CI/CD secrets, and GitHub credentials.
This malicious activity began in August and deployed 126 npm packages, which collectively recorded over 86,000 downloads.
Attack Method and Evasion
The Node Package Manager (NPM) is the default package manager for Node.js, allowing JavaScript developers to share and install reusable code. PhantomRaven was detected by researchers at Koi Security. The malicious packages used in the campaign often mimic legitimate projects, and many are the result of AI hallucinated recommendations—a technique known as slopsquatting.
Slopsquatting happens when developers ask Large Language Models (LLMs) to suggest packages for a project, and the AI suggests non existent package names that appear authentic. The researchers noted that some malicious packages impersonate tools from GitLab or Apache.
The core of the attack is a remote dynamic dependencies (RDD) system. The packages declare zero dependencies in their files, but automatically fetch payloads from external URLs during installation. This mechanism fetches and executes the malicious code when a user runs npm install, requiring no further user interaction.
Data Theft and Risk
The side loaded payload first profiles the infected device to determine its value and searches the victim’s environment variables for email addresses. Most worryingly, the malware collects sensitive tokens for NPM, GitHub Actions, GitLab, Jenkins, and CircleCI. These tokens could be used to introduce malicious changes into other projects, potentially launching dangerous supply chain attacks.
The operators behind the PhantomRaven campaign use three methods for data exfiltration: HTTP GET requests with data encoded in the URL, HTTP POST requests with JSON data, and through a WebSocket connection.
PhantomRaven evaded detection for an extended period because remote dynamic dependencies are not visible through static analysis, allowing sophisticated threat actors to bypass security scans. Koi Security advises software developers to ensure they are using legitimate packages published by reputable vendors. They should also avoid consulting LLMs for package suggestions and always double check search results to distinguish between authentic and malicious typosquatted projects.
Found this article interesting? Follow us on X(Twitter) ,Threads and FaceBook to read more exclusive content we post.
