PromptMink

Another technique uses typosquatting, where the names and descriptions mimic legitimate libraries.

A malicious npm package campaign called PromptMink surfaced after being introduced into an open-source autonomous crypto trading project through a code commit... That commit added a package called @solana-launchpad/sdk as a dependency... it silently pulled in a second package named @validate-sdk/v2, which is the actual malicious payload.

The attack adopts a phased approach, where the first-layer packages do not contain any malicious code, but import second-layer packages that actually embed the nefarious functionality.

On Linux-based systems, the malware plants the attacker’s public SSH key into the victim’s authorized keys file, creating a persistent backdoor that allows remote access even after the malicious package has been removed.

On Linux-based systems, the malware plants the attacker’s public SSH key into the victim’s authorized keys file, creating a persistent backdoor that allows remote access even after the malicious package has been removed.

Early versions of the malware were obfuscated JavaScript-based stealers ... BlueVoyant researcher Curt Buchanan said ... from static Obfuscator.io encoding to dynamically rotating custom obfuscation.

This second package presents itself as a standard data validation tool while covertly collecting and sending sensitive credentials from the host environment to a remote attacker-controlled server.

Early versions of the malware were obfuscated JavaScript-based stealers that scan the current working directory recursively for .env or .json files ... Since then, the attackers behind the breach have published a new npm package called "csec-crypto-utils" containing an "updated payload" that substitutes the RAT dropper for a data stealer that exfoliates AWS keys, GitHub tokens, and .npmrc configuration files.

Once the @validate-sdk/v2 package reaches a developer’s system, it begins scanning all directories for files that may contain sensitive information. It targets environment files, JSON configuration files, API keys, and anything related to cryptocurrency transactions or wallet access.

Collected files are compressed and quietly sent to an attacker-controlled server... Later versions written in Rust went further, compressing and stealing entire project directories, including full source code.

Collected files are compressed and quietly sent to an attacker-controlled server. Earlier package versions relied on a base64-encoded URL to hide the destination, while later versions switched to a dedicated domain to make tracking harder.

Early versions of the malware were obfuscated JavaScript-based stealers that scan the current working directory recursively for .env or .json files and stage for exfiltration to a Vercel URL ("ipfs-url-validator.vercel.app").