Malicious open-source packages and developer-targeted supply chain attacks
Security researchers reported multiple software supply chain threats targeting developers via public package ecosystems. Tenable analyzed a malicious npm package, ambar-src, that reached roughly 50,000 downloads in days before removal; it executed during installation via malicious preinstall behavior, used evasion techniques, and dropped OS-specific payloads for Windows, Linux, and macOS, with typosquatting assessed as the likely lure (mimicking ember-source). Separate reporting described a campaign using malicious NuGet packages (e.g., NCryptYo, DOMOAuth2_, IRAOAuth2.0, SimpleWriter_) that impersonated legitimate .NET libraries, executed code on assembly load, and established local proxying/backdoor behavior to facilitate credential theft and persistence in ASP.NET environments.
Additional coverage warned of an npm “worm-like” propagation pattern impacting CI pipelines and AI coding tools, reinforcing that developer tooling and build systems are high-risk choke points where a single poisoned dependency can spread quickly across environments. While the broader set of articles also included unrelated breach, ransomware, and policy items, the developer-focused supply chain reporting consistently emphasized that installation-time execution and typosquatting/impersonation enable compromise even when developers never directly call the malicious code, and that traditional detection can lag (e.g., low initial antivirus detection rates for obfuscated .NET payloads).
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Tenable publishes analysis of malicious npm package ambar-src
Tenable Research publicly detailed how "ambar-src" delivered multi-platform malware, including a Windows shellcode loader, a Linux ELF payload with reverse shell capability, and a macOS Apfell agent. The report also identified Yandex Cloud Functions as command-and-control relay infrastructure and urged immediate incident response and secret rotation for affected hosts.
Researchers link NuGet packages to credential theft campaign
Socket.dev and other analysis tied the four NuGet packages together through shared infrastructure and a byte-identical hardcoded token, revealing a coordinated supply-chain campaign. The research showed the malware deployed a localhost proxy, exfiltrated ASP.NET Identity data, and could write attacker-controlled files and launch hidden processes.
npm removes ambar-src and GitHub advisory is issued
npm removed the malicious "ambar-src" package within hours of the malicious version being published, after it had been downloaded about 50,000 times. A GitHub Security Advisory was also issued warning that any host with the package installed should be treated as fully compromised.
Malicious npm package ambar-src published to npm
A malicious npm package named "ambar-src," likely typosquatting the legitimate "ember-source" package, was published to npm. It used a preinstall script to fetch and execute OS-specific second-stage malware on Windows, Linux, and macOS during installation.
Malicious NuGet packages published to target ASP.NET developers
In mid-August 2024, four malicious NuGet packages — NCryptYo, DOMOAuth2_, IRAOAuth2.0, and SimpleWriter_ — were published by the user "hamzazaheer." The packages were designed to steal credentials, establish persistence, and compromise both developer systems and downstream ASP.NET deployments.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
New malicious npm package 'ambar-src' targets developers with open source malware | Tenable®
tenable.com
Open sourceMalicious NuGet Packages Attacking ASP.NET Developers to Steal Login Credentials
cybersecuritynews.com
Open sourceShai-Hulud-style NPM worm hits CI pipelines and AI coding tools | CSO Online
csoonline.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Software Supply Chain Threats Targeting Open-Source Ecosystems and Developer Tooling
Open-source software supply chain risk continued to escalate, with reporting citing **454,600+** newly identified malicious packages across major repositories (including **PyPI, npm, Maven Central, NuGet, and Hugging Face**) and tactics ranging from **credential theft** to **multi-stage attacks** and even early **self-replicating** package malware. The activity reportedly concentrated heavily in **npm**, including high-volume “ecosystem flooding” (e.g., single accounts publishing **150,000+** malicious packages in days) and **hijacking of trusted projects**, exploiting developer reliance on superficial trust signals such as package names, READMEs, and download counts. Separately, researchers disclosed **“PackageGate”** vulnerabilities in JavaScript package managers (**npm, pnpm, vlt, and Bun**) that can bypass common post-incident defenses—namely `--ignore-scripts` and lockfile integrity—enabling malicious code execution via compromised dependencies. Koi Security reported six issues; **pnpm, vlt, and Bun** shipped fixes, while **npm** reportedly treated the behavior as expected. In parallel, threat actors abused **GitHub’s fork architecture** to distribute a spoofed *GitHub Desktop* installer promoted via search ads; execution deployed **HijackLoader** and established persistence via a **scheduled task**, underscoring that supply chain threats extend beyond package registries into developer tooling distribution channels.
Mar 21, 2026
Developer-Focused Supply Chain Malware via Malicious Open-Source Packages
Security researchers reported multiple **software supply chain** campaigns targeting developers through malicious packages in public repositories, aiming to steal credentials/secrets and establish persistent access that can later impact production environments. Socket disclosed a campaign dubbed **StegaBin** involving **26 malicious npm packages** published over a two-day window that used a Pastebin “dead-drop” with **character-level steganography** to conceal C2 details, then resolved additional infrastructure across **31 Vercel deployments** to deliver platform-specific shell payloads that install a RAT and a **nine-module infostealer** targeting VSCode data, SSH keys, git repositories, browser credential stores, clipboard contents, and other local secrets. Socket assessed the tradecraft as consistent with activity previously attributed to **North Korea-aligned FAMOUS CHOLLIMA (Lazarus-linked)** and noted rapid detection of the packages shortly after publication. Separately, reporting highlighted **four malicious NuGet packages**—`NCryptYo`, `DOMOAuth2_`, `IRAOAuth2.0`, and `SimpleWriter_`—that targeted **ASP.NET** developers by exfiltrating **ASP.NET Identity** data (users/roles/permissions) and enabling backdoors; the packages were published in August 2024, accumulated **4,500+ downloads**, and were later removed. In that campaign, `NCryptYo` functioned as a dropper and proxy to an attacker-controlled C2, while `DOMOAuth2_` and `IRAOAuth2.0` handled data theft and backdoor rule delivery, and `SimpleWriter_` enabled file writing and hidden process execution while masquerading as a PDF utility. Other items in the set described unrelated C2 tooling trends (a Polygon blockchain-based botnet loader and the Vshell C2 framework) and do not describe the same package-repository supply chain incidents.
Jun 12, 2026
npm Supply-Chain Attacks Steal Developer Tokens and Enable Cloud Compromise
Threat actors are using **malicious npm packages** to steal developer credentials and CI/CD secrets, enabling rapid escalation into cloud environments. Google reported that **UNC6426** leveraged keys stolen during the earlier compromise of the *nx* npm ecosystem to pivot from a stolen developer GitHub token into **AWS administrative access within 72 hours**, abusing **GitHub-to-AWS OpenID Connect (OIDC) trust** to create a new admin role. The actor then used that access to **exfiltrate data from AWS S3** and conduct **destructive actions** in production cloud environments; the initial *nx* compromise involved a GitHub Actions `pull_request_target` workflow abuse (“**Pwn Request**”) that enabled publishing trojanized packages containing a `postinstall` chain that executed the **QUIETVAULT** JavaScript credential stealer and uploaded stolen data to a public GitHub repo (`/s1ngularity-repository-1`). Separately, researchers reported new waves of the **PhantomRaven** npm supply-chain campaign distributing **88 additional malicious packages** (via ~50 disposable accounts) that target JavaScript developers by exfiltrating secrets from files like `.gitconfig` and `.npmrc`, environment variables, and CI/CD tokens (e.g., GitHub/GitLab/Jenkins/CircleCI). The campaign uses **slopsquatting** (LLM-suggested lookalike package names) and a stealth technique called **Remote Dynamic Dependencies (RDD)**, where `package.json` pulls a dependency from an external URL so the malicious payload is fetched at install time (`npm install`) and can evade static package inspection; researchers indicated many of these packages remained available in the npm registry at the time of reporting.
Mar 21, 2026