Malicious NPM Packages Targeting the JavaScript Supply Chain
A large-scale attack on the NPM (Node Package Manager) ecosystem has been uncovered, involving the publication of over 64,000 malicious packages by a coordinated group known as the IndonesianFoods worm. This campaign, active for more than two years, leveraged at least seven newly created NPM user accounts to distribute the malicious packages, which are notable for their consistent naming patterns and unusual internal dictionary. The attackers focused on creating new packages rather than stealing credentials, and the scale of the operation more than doubles the previously known number of malicious NPM packages. Security researchers have made available a comprehensive list of the affected packages and user accounts for further analysis.
In a separate but related incident, researchers identified a highly popular fake NPM package, "@acitons/artifact," which was downloaded over 206,000 times. This package used a typosquatting technique to mimic the legitimate GitHub Actions Toolkit and was designed to steal GitHub credentials by executing a malicious post-install script. The attack highlights the growing threat of software supply chain compromises, with the malicious package aiming to exfiltrate tokens from build environments and potentially publish further malicious artifacts. Both incidents underscore the increasing sophistication and scale of supply chain attacks targeting the JavaScript development community.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
IndonesianFoods npm worm publishes tens of thousands of packages
Researchers reported that the IndonesianFoods threat escalated into an npm worm that automatically published a very large number of packages, with one source citing roughly 64,000 packages. This marked a broader supply-chain impact beyond a single malicious package.
Malicious npm package 'indonesianfoods' targets GitHub credentials
A malicious npm package named 'indonesianfoods' was identified as stealing GitHub credentials from infected systems. One report says the package had accumulated about 206,000 downloads before being highlighted publicly.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Supply Chain Attacks and Remote Access Trojans Targeting NPM Ecosystem and Banking Sector
A series of sophisticated supply chain attacks have targeted the NPM ecosystem, compromising both widely used and niche packages to deliver malicious payloads. The "Shai-Hulud" campaign has infected at least 187 NPM packages, including the highly popular tinycolor package, which receives approximately 2 million downloads weekly. Attackers in this campaign modify package manifests, inject malicious files, and republish the compromised packages, resulting in downstream projects unknowingly incorporating malicious code. The worm-like nature of the attack allows it to spread rapidly to other maintainers' packages, amplifying the impact across the software supply chain. Delayed detection of these compromises increases the risk, as many projects may already be affected before the breach is discovered. The attack highlights the critical importance of verifying package signatures and maintaining a robust software bill of materials (SBOM) to trace dependencies and versions accurately. In a related but distinct campaign, a threat actor using the NPM account "ongtrieuhau861.001" has published at least 94 malicious packages, many of which are specifically crafted to target Asian banks. These packages, often named with the pattern "dhhdbankxxxxx" and similar variants, deliver a JavaScript-based Remote Access Trojan (RAT) dubbed "DHSollutionsBot." This RAT leverages Firebase Realtime Database for command and control, while exfiltrating stolen data through Discord webhooks, making detection more challenging due to the use of legitimate cloud services. The threat actor's NPM account history suggests either a long-term operation or the acquisition of an existing account for malicious purposes. The attack architecture is notable for its simplicity and effectiveness, combining two legitimate platforms for resilient and stealthy C2 operations. Both campaigns underscore the growing threat of supply chain attacks in the open-source ecosystem, where a single compromised package can have cascading effects on countless downstream projects. Developers and organizations are urged to implement cryptographic signing of packages, verify signatures before use, and maintain detailed SBOMs to mitigate the risk of such attacks. The incidents also demonstrate the need for continuous monitoring of package repositories and automated detection tools to identify and respond to malicious activity promptly. The use of trusted platforms like Discord and Firebase for C2 communications further complicates detection and response efforts. These attacks serve as a stark reminder that even well-established codebases can become vectors for compromise if their dependencies are not rigorously vetted and monitored. The campaigns have prompted renewed calls for improved security practices in the software development lifecycle, particularly in the management of third-party dependencies. Organizations are advised to review their exposure to affected NPM packages and take immediate remediation steps where necessary. The incidents highlight the evolving tactics of threat actors in targeting the software supply chain and the critical need for industry-wide vigilance.
Mar 21, 2026
Software Supply Chain Threats Targeting Open-Source Ecosystems and Developer Tooling
Open-source software supply chain risk continued to escalate, with reporting citing **454,600+** newly identified malicious packages across major repositories (including **PyPI, npm, Maven Central, NuGet, and Hugging Face**) and tactics ranging from **credential theft** to **multi-stage attacks** and even early **self-replicating** package malware. The activity reportedly concentrated heavily in **npm**, including high-volume “ecosystem flooding” (e.g., single accounts publishing **150,000+** malicious packages in days) and **hijacking of trusted projects**, exploiting developer reliance on superficial trust signals such as package names, READMEs, and download counts. Separately, researchers disclosed **“PackageGate”** vulnerabilities in JavaScript package managers (**npm, pnpm, vlt, and Bun**) that can bypass common post-incident defenses—namely `--ignore-scripts` and lockfile integrity—enabling malicious code execution via compromised dependencies. Koi Security reported six issues; **pnpm, vlt, and Bun** shipped fixes, while **npm** reportedly treated the behavior as expected. In parallel, threat actors abused **GitHub’s fork architecture** to distribute a spoofed *GitHub Desktop* installer promoted via search ads; execution deployed **HijackLoader** and established persistence via a **scheduled task**, underscoring that supply chain threats extend beyond package registries into developer tooling distribution channels.
Mar 21, 2026
Malicious npm Package Targets GitHub Actions CI/CD Workflows
A malicious npm package named `@acitons/artifact` was discovered impersonating the legitimate `@actions/artifact` module, specifically targeting GitHub Actions CI/CD pipelines. The package was designed to be triggered during the build process of GitHub-owned repositories, where it would capture available tokens from the build environment and use them to publish malicious artifacts under GitHub’s name. The attack leveraged a post-install hook to download and execute an obfuscated shell script called `harness`, which was not detected by popular antivirus solutions. The package was downloaded over 260,000 times before being detected, with six malicious versions uploaded to npm. Further analysis revealed that the malware was configured to only execute if certain GitHub-specific environment variables were present, indicating a targeted attack against GitHub’s own repositories. The script exfiltrated sensitive data in encrypted form to a remote server and was designed to avoid execution after a specific date. Another related npm package, `8jfiesaf83`, was also identified with similar functionality but has since been removed. The threat actor behind the campaign, identified as "blakesdev," removed the offending versions after discovery, but the incident highlights the risks of supply chain attacks in CI/CD environments and the potential for privilege escalation through typosquatted dependencies.
Mar 21, 2026