Mallory
Malware · Exploits 1 CVE

G_Wagon

G_Wagon is a multi-stage information stealer delivered through malicious npm packages (notably "ansi-universal-ui") and identified by researchers on January 23, 2026. The campaign abuses npm's postinstall lifecycle hook, which npm runs automatically during installation unless scripts are disabled (the --ignore-scripts flag, or ignore-scripts=true in .npmrc), to execute a Node.js dropper. The dropper downloads a portable Python runtime and then retrieves and executes heavily obfuscated Python payloads from attacker infrastructure hosted on Appwrite. Later iterations reduced on-disk artifacts by piping the Python payload to the interpreter over stdin and added anti-forensics/cleanup behavior.
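The dropper shape described above (an install-time lifecycle script that spawns a process, fetches a payload and hands it to a Python interpreter) can be hunted for in an existing dependency tree. The following Python script is an added example and is not code from any of the write-ups, from Mallory, or from the malicious package: it walks node_modules, collects every preinstall/install/postinstall/prepare hook, reads any local script file the hook runs, and scores the combined text against the patterns a dropper needs. The package names, hook bodies and the fixture tree it builds are constructed for this example.

```python
import json
import re
import tempfile
from pathlib import Path

# Hooks npm runs automatically during install; G_Wagon used "postinstall".
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# What a dropper needs: spawn a process, fetch a payload, decode/evaluate it,
# invoke an interpreter, feed it over stdin, or hide the window it runs in.
SUSPICIOUS = {
    "spawns a process": r"child_process|execSync|spawn\(|exec\(",
    "fetches from network": r"https?://|fetch\(|\bcurl\b|\bwget\b",
    "invokes python": r"\bpython3?\b|\.py\b",
    "decodes or evals": r"base64|atob\(|eval\(|Function\(",
    "pipes via stdin": r"stdin|\binput\s*:",
    "hides or detaches": r"windowsHide|detached|nohup",
}

def score_script(command, pkg_dir=None):
    """Reasons a lifecycle command looks dropper-like. If the command runs a
    local file ("node setup.js") and pkg_dir is given, that file is read too."""
    text = command
    if pkg_dir is not None:
        for token in re.findall(r"[\w./-]+\.(?:c?js|mjs|sh|py)\b", command):
            target = Path(pkg_dir) / token
            if target.is_file():
                text += "\n" + target.read_text(errors="replace")
    return [why for why, pat in SUSPICIOUS.items() if re.search(pat, text)]

def audit_node_modules(root):
    """Findings for every package under root/node_modules (nested trees
    included) that declares an install-time hook, most suspicious first."""
    findings = []
    for pkg_json in Path(root).rglob("package.json"):
        if "node_modules" not in pkg_json.parts:
            continue
        try:
            meta = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue
        for hook in INSTALL_HOOKS:
            cmd = (meta.get("scripts") or {}).get(hook)
            if cmd:
                findings.append({
                    "package": meta.get("name", pkg_json.parent.name),
                    "version": meta.get("version", "?"),
                    "hook": hook,
                    "command": cmd,
                    "reasons": score_script(cmd, pkg_json.parent),
                })
    findings.sort(key=lambda f: len(f["reasons"]), reverse=True)
    return findings

def build_sample_tree(base):
    """Constructed fixture: a benign package and one imitating the dropper
    shape from the write-ups. Names and bodies are invented for this example."""
    benign = Path(base) / "node_modules" / "tiny-colors"
    benign.mkdir(parents=True)
    (benign / "package.json").write_text(json.dumps({
        "name": "tiny-colors", "version": "1.0.0",
        "scripts": {"postinstall": "node -e \"console.log('installed')\""}}))
    bad = Path(base) / "node_modules" / "fake-ui-lib"
    bad.mkdir(parents=True)
    (bad / "package.json").write_text(json.dumps({
        "name": "fake-ui-lib", "version": "1.3.9",
        "scripts": {"postinstall": "node setup.js"}}))
    (bad / "setup.js").write_text(
        "const {execSync} = require('child_process');\n"
        "const runtime = 'https://example.invalid/py.zip';\n"
        "execSync('python -', {input: Buffer.from('cHJpbnQoMSk=', 'base64'), "
        "windowsHide: true});\n")
    return base

def run_demo():
    """Build the fixture in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_node_modules(build_sample_tree(tmp))

if __name__ == "__main__":
    for f in run_demo():
        verdict = "SUSPICIOUS" if len(f["reasons"]) >= 2 else "review"
        print(f"{verdict:10} {f['package']}@{f['version']} {f['hook']}: "
              f"{f['command']} -> {f['reasons']}")
```

Run it against a checkout that was installed with lifecycle scripts disabled, then decide hook by hook which packages are allowed to run them. Legitimate native-addon packages also spawn processes from install hooks, so the score is a triage order, not a verdict; the combination of network fetch, base64 decoding and a Python interpreter fed over stdin is what made the G_Wagon dropper stand out.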

Capabilities and targeting (as described):

  • Credential and data theft from developer workstations: saved browser passwords, cookies, and autofill data from Chrome, Edge, and Brave.
  • Theft of cryptocurrency wallet data, including targeting data from 100+ browser wallet extensions (examples listed: MetaMask, Phantom, Coinbase Wallet, Trust Wallet, Ledger Live, Trezor Suite, Exodus, Atomic Wallet).
  • Theft of cloud/infrastructure secrets: AWS access keys/AWS CLI material, Azure authentication tokens/Azure CLI material, Google Cloud service account keys/Google Cloud SDK material, SSH private keys (~/.ssh/), and Kubernetes configs (~/.kube/config).
  • Theft of communication/auth artifacts including Discord tokens, Telegram session data (tdata), and Steam authentication files.

Platform-specific behavior noted:

  • Windows: uses DPAPI to decrypt browser data; later versions embed a base64-encoded, XOR-encrypted Windows DLL, map it into a target process (the Cyber Security News write-up below names browser processes) and execute it in memory via NT native APIs (e.g., NtAllocateVirtualMemory, NtCreateThreadEx), then call an exported entry point named "Initialize". For detection, a Python process making cross-process NtAllocateVirtualMemory/NtCreateThreadEx calls is unusual on a developer workstation.
  • macOS: extracts browser encryption material via Keychain and uses OpenSSL to decrypt login data.

Exfiltration and infrastructure:

  • Stolen data is compressed and uploaded to attacker-controlled Appwrite storage buckets. Network indicator guidance is unexpected traffic to *.appwrite.io; because Appwrite is a legitimate backend-as-a-service, baseline which hosts legitimately talk to it before alerting on the domain alone.
  • A host-based indicator is a marker/execution-counter file at ~/.gwagon_status.

Infection/affected versions:

  • Reported malicious versions of the npm package "ansi-universal-ui" are 1.3.5 through 1.4.1 inclusive, published in rapid iteration (about 10 versions over roughly two days).
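The version range, the ~/.gwagon_status marker and the *.appwrite.io indicator above lend themselves to a single triage script. The following Python is an added example, not tooling from the researchers or from Mallory: it checks a parsed package-lock.json for any installed copy of ansi-universal-ui in the reported range, checks a home directory for the marker and for the secret stores the stealer targets (so the rotation list after an infection is concrete), and filters a proxy log for appwrite.io connections from hosts not expected to use Appwrite. The lockfile, log lines and fixture home directory are constructed; the ~/.ssh and ~/.kube/config paths come from the write-ups, while the AWS, Azure and gcloud credential paths are those tools' default locations and an assumption of this example.

```python
import tempfile
from pathlib import Path

PACKAGE = "ansi-universal-ui"
# Reported malicious range for the package, inclusive.
BAD_LOW, BAD_HIGH = (1, 3, 5), (1, 4, 1)
# Host artifact described for the family.
MARKER = ".gwagon_status"
# Secret stores the stealer targets. ~/.ssh and ~/.kube/config are from the
# write-ups; the AWS/Azure/gcloud paths are default locations (assumption).
SECRET_STORES = {
    "AWS CLI credentials": ".aws/credentials",
    "Azure CLI token cache": ".azure/msal_token_cache.json",
    "gcloud credentials": ".config/gcloud/credentials.db",
    "SSH private keys": ".ssh",
    "kubeconfig": ".kube/config",
}

def version_tuple(v):
    """'1.4.0' -> (1, 4, 0); pre-release/build suffixes dropped. Unparsable
    input yields () so it can never fall inside the range."""
    try:
        return tuple(int(p) for p in v.split("-")[0].split("+")[0].split("."))
    except ValueError:
        return ()

def is_malicious_version(v):
    return BAD_LOW <= version_tuple(v) <= BAD_HIGH

def find_in_lockfile(lock, name=PACKAGE):
    """Every installed copy of `name` in a parsed package-lock.json as
    (install path, version, in_bad_range). Handles lockfileVersion 2/3
    ("packages", keyed by install path) and v1 (nested "dependencies")."""
    hits = []
    if "packages" in lock:
        for path, entry in lock["packages"].items():
            if path.endswith("node_modules/" + name):
                hits.append((path, entry.get("version", "?")))
    else:
        def walk(deps, prefix):
            for dep, entry in (deps or {}).items():
                path = f"{prefix}node_modules/{dep}"
                if dep == name:
                    hits.append((path, entry.get("version", "?")))
                walk(entry.get("dependencies"), path + "/")
        walk(lock.get("dependencies"), "")
    return [(p, v, is_malicious_version(v)) for p, v in hits]

def host_triage(home):
    """Marker-file check plus the secret stores present under `home`, i.e.
    the concrete rotation list if this host ran the stealer."""
    home = Path(home)
    return {
        "marker_present": (home / MARKER).exists(),
        "exposed_secret_stores": [
            label for label, rel in SECRET_STORES.items() if (home / rel).exists()],
    }

def unexpected_appwrite_traffic(log_lines, expected_sources=()):
    """Lines of a '<time> <source> <dest[:port]> ...' proxy log whose
    destination is appwrite.io or a subdomain and whose source is not
    allow-listed. Appwrite is a legitimate BaaS, so known users are excluded."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue
        source, dest = fields[1], fields[2].rsplit(":", 1)[0]
        if (dest == "appwrite.io" or dest.endswith(".appwrite.io")) \
                and source not in expected_sources:
            hits.append(line)
    return hits

def demo_host_triage():
    """Constructed home directory with a kubeconfig and the marker present."""
    with tempfile.TemporaryDirectory() as home:
        (Path(home) / ".kube").mkdir()
        (Path(home) / ".kube" / "config").write_text("apiVersion: v1\n")
        (Path(home) / MARKER).write_text("3\n")
        return host_triage(home)

# Constructed fixtures; not real lockfile or proxy data.
SAMPLE_LOCK_V3 = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "0.1.0"},
        "node_modules/ansi-universal-ui": {"version": "1.3.9"},
        "node_modules/legacy-dep/node_modules/ansi-universal-ui": {"version": "1.2.0"},
    },
}
SAMPLE_LOG = [
    "2026-01-24T10:01:02Z dev-laptop-17 cloud.appwrite.io:443 CONNECT",
    "2026-01-24T10:01:05Z ci-runner-03 registry.npmjs.org:443 CONNECT",
    "2026-01-24T10:02:11Z webapp-backend cloud.appwrite.io:443 CONNECT",
]

if __name__ == "__main__":
    for path, ver, bad in find_in_lockfile(SAMPLE_LOCK_V3):
        print("MALICIOUS" if bad else "ok", f"{path}@{ver}")
    for line in unexpected_appwrite_traffic(SAMPLE_LOG, {"webapp-backend"}):
        print("unexpected appwrite traffic:", line)
    print(demo_host_triage())
```

Nested copies matter: a v3 lockfile can carry the same package at several install paths, and the walk of a v1 lockfile recurses for the same reason. A hit in the range means the postinstall hook ran under whoever installed, so every secret store that host_triage reports present should be rotated whether or not the marker file survived the later cleanup variants.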

Exploited CVEs

1 CVE Mallory has correlated with this family across public research and vendor advisories; each row links to the full Mallory page for that vulnerability. Note that none of the write-ups listed below describes G_Wagon exploiting a software vulnerability: initial access is the malicious package itself, and the only link between this family and the CVE visible on this page is that both appear in the same F5 Labs weekly bulletin. Treat the correlation as co-mention, not as evidence of exploitation.

CVE-2025-15467: OpenSSL CMS (Auth)EnvelopedData AEAD IV Stack Buffer Overflow

A critical pre-authentication remote code execution vulnerability, CVE-2025-15467 (CVSS 9.8), affects OpenSSL versions 3.0, 3.3, 3.4, 3.5, and 3.6.

Source: f5.com
Recent activity

7 sources tracked across advisories, community write-ups, and news; four of them are listed below.

F5 Labs (news)
Mar 2, 2026
Weekly Threat Bulletin - February 4th, 2026 | F5 Labs

CVE-2025-15467... Threat Details and IOCs Malware: CoolClient, G_Wagon

The Hacker News (news)
Jan 28, 2026
Fake Python Spellchecker Packages on PyPI Delivered Hidden Remote Access Trojan

Python-based information stealer delivered via a malicious npm package; exfiltrates browser credentials, cryptocurrency wallet data, cloud credentials, and Discord tokens to attacker-controlled storage (Appwrite bucket).

Snyk blog (news)
Jan 28, 2026
G_Wagon Infostealer: How a Fake npm UI Library Steals Crypto Wallets and Cloud Credentials | Snyk

A multi-stage, cross-platform infostealer delivered via a malicious npm package (ansi-universal-ui) using a Node.js postinstall dropper to fetch/execute obfuscated Python payloads. It steals browser credentials/cookies/autofill, cryptocurrency wallet extension data, cloud/provider credentials (AWS/Azure/GCP), SSH keys, Kubernetes configs, and various communication/auth tokens, then compresses and exfiltrates the data to attacker-controlled storage. Later variants add Windows in-memory injection using NT native APIs (NtAllocateVirtualMemory, NtCreateThreadEx) and encrypted DLL payloads, and may pipe Python payloads via stdin to reduce disk artifacts.

Cyber Security News (news)
Jan 27, 2026
G_Wagon npm Package Attacking Users to Exfiltrate Browser Credentials using Obfuscated Payload

Multi-stage information stealer delivered via a malicious npm package (ansi-universal-ui). It downloads its own Python runtime, executes heavily obfuscated in-memory Python payloads, injects an embedded Windows DLL into browser processes via native NT APIs, steals browser credentials, crypto wallet data, cloud credentials, and messaging tokens, and exfiltrates data to attacker-controlled Appwrite storage buckets.
