Malicious NPM Packages Disguised As PostCSS Tools Deliver Windows RAT To Developers

Cybersecurity researchers have uncovered a new software supply-chain campaign involving malicious npm packages disguised as legitimate PostCSS-related tools that deliver a Windows-based remote access trojan (RAT). According to findings published by JFrog, the packages were uploaded over the past month by an npm user identified as “abdrizak” and remained available for download at the time of reporting. The identified packages are aes-decode-runner-pro (145 downloads), postcss-minify-selector (256 downloads) and postcss-minify-selector-parser (615 downloads). Researchers found that the packages were designed to appear as useful development tools while secretly deploying malware. The aes-decode-runner-pro and postcss-minify-selector-parser packages presented themselves as layered AES and custom codec packages and relied on the legitimate postcss-selector-parser library, while postcss-minify-selector claimed to be a PostCSS selector minifier and depended on postcss-minify-selector-parser. The name postcss-minify-selector-parser closely resembles the widely used postcss-selector-parser package, which receives more than 127 million weekly downloads, increasing the likelihood that developers install the malicious version by mistake.

Researchers said that regardless of which package is downloaded, the attack chain ultimately leads to the installation of the same Windows malware. The packages contain a JavaScript dropper that writes a PowerShell script named settings.ps1 to disk and executes it. This script functions as a downloader that retrieves an additional payload from an external server using curl.exe. The downloaded payload arrives as a ZIP archive containing several components: a Visual Basic Script called update.vbs, a Python runtime, a Python loader named loader.py, and multiple Python extension modules compiled with Nuitka. The Visual Basic script sets up the Python environment on the compromised system and launches the loader, which activates the malware’s primary functionality. Once operational, the RAT can gather system information, steal credentials stored in Google Chrome, collect data from browser extensions, execute shell commands, and upload or download files through a command-and-control server located at 95.216.92.207:8080. Researchers identified several Python native extension modules responsible for different aspects of the malware, including configuration management, command-and-control communications, system profiling, virtual machine detection, file transfers, command execution, credential theft, and archive handling.
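The two warning signs described above, a dependency name that imitates a popular package and an install-time script that behaves like a dropper, are both visible in a project's package.json before anything runs. The following is an added example, not code from the article or from JFrog, of a small defender-side audit of a parsed manifest. The popular-package list, the indicator patterns and the two sample manifests are constructed for the example; the name-similarity heuristics (an inserted word between the tokens of a known name, or a name within two edits of one) are assumptions about what a lookalike tends to look like, not rules taken from the report.

```javascript
// Added example, not code from the article or from JFrog: a defender-side audit
// of an npm manifest for the two warning signs the article describes, lookalike
// dependency names and install-time lifecycle scripts that behave like droppers.
// The popular-package list, indicator patterns and manifests are constructed.

// Constructed list of well-known packages a lookalike might imitate.
const POPULAR_PACKAGES = ['postcss-selector-parser', 'postcss', 'lodash', 'express'];

// Lifecycle hooks that npm runs automatically at install time.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Constructed indicator patterns drawn from the dropper behaviour described above
// (writing and running a .ps1 file, fetching a payload with curl.exe).
const DROPPER_PATTERNS = [/powershell/i, /\.ps1\b/i, /curl\.exe/i, /invoke-expression/i, /\biex\b/i];

// Classic Levenshtein edit distance between two strings.
function editDistance(a, b) {
  const dp = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) dp[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      dp[i][j] = Math.min(dp[i - 1][j] + 1, dp[i][j - 1] + 1, dp[i - 1][j - 1] + cost);
    }
  }
  return dp[a.length][b.length];
}

// True when every hyphen-separated token of `popular` appears, in order, inside
// `candidate` and the two names differ: catches an inserted word such as
// "postcss-minify-selector-parser" imitating "postcss-selector-parser".
function tokensInOrder(popular, candidate) {
  if (popular === candidate) return false;
  const want = popular.split('-');
  let i = 0;
  for (const tok of candidate.split('-')) if (i < want.length && tok === want[i]) i++;
  return i === want.length;
}

// Returns the popular package a name resembles, or null if it is exact or unrelated.
function lookalikeOf(name) {
  if (POPULAR_PACKAGES.includes(name)) return null;
  for (const pop of POPULAR_PACKAGES) {
    if (pop.includes('-') && tokensInOrder(pop, name)) return pop;
    // Small typo-squats: within two edits and nearly the same length.
    if (editDistance(name, pop) <= 2 && Math.abs(name.length - pop.length) <= 1) return pop;
  }
  return null;
}

// Audits one parsed package.json object; returns a list of findings.
function auditManifest(manifest) {
  const findings = [];
  const deps = { ...(manifest.dependencies || {}), ...(manifest.devDependencies || {}) };
  for (const dep of Object.keys(deps)) {
    const target = lookalikeOf(dep);
    if (target) findings.push({ kind: 'lookalike', severity: 'medium', detail: `${dep} resembles ${target}` });
  }
  const scripts = manifest.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (!scripts[hook]) continue;
    // Any install hook deserves a look; one matching a dropper indicator is high severity.
    const hit = DROPPER_PATTERNS.some((re) => re.test(scripts[hook]));
    findings.push({ kind: 'lifecycle-script', severity: hit ? 'high' : 'low', detail: `${hook}: ${scripts[hook]}` });
  }
  return findings;
}

// Constructed sample manifests: the first mimics the shape of the problem, the second is clean.
const SAMPLE_MANIFESTS = [
  {
    name: 'demo-app',
    dependencies: { 'postcss-minify-selector-parser': '^1.0.0', express: '^4.18.0' },
    scripts: { postinstall: 'node setup.js && powershell -File settings.ps1' },
  },
  {
    name: 'clean-app',
    dependencies: { 'postcss-selector-parser': '^6.0.0', postcss: '^8.4.0' },
    scripts: { build: 'postcss src/*.css -d dist' },
  },
];

for (const m of SAMPLE_MANIFESTS) console.log(m.name, auditManifest(m));
```

Run against a real project, the audit is a triage aid rather than a verdict: a legitimate plugin can share tokens with a popular package and many packages have honest install hooks, so the findings are meant to direct a reviewer's attention before `npm install` is run on a developer machine or in CI.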

JFrog noted that the campaign demonstrates how seemingly harmless parser-related packages can conceal sophisticated multi-stage malware while leveraging the trust associated with widely used development tools. The company warned that lookalike build dependencies should be treated as potential attack vectors rather than dismissed as simple naming similarities. The discovery coincides with several additional campaigns targeting npm and the broader TypeScript ecosystem. Security company SafeDep identified a malicious package named apintergrationpost that masquerades as a Node.js integration client for authorized red team exercises while delivering a Linux-based RAT known as MYRA. Researchers said the package compiles a native C rootkit during installation, establishes multiple persistence mechanisms, disguises itself as a systemd service, supports fileless execution, and provides remote shell access alongside live screen streaming capabilities. Another package, @withgoogle/stitch-sdk, impersonates Google’s Stitch AI design tool and is capable of stealing developer credentials from numerous sources, including Git configurations, SSH keys, GitHub CLI credentials, npm settings, and Docker configuration files, before transmitting the information to an attacker-controlled domain.

Researchers also identified a cluster of five related packages named procwire, routecraft, endpointmap, bytecraft, and staticlayer that work together to deploy a malicious dropper on Windows systems during installation. Routecraft depends on procwire, while procwire relies on endpointmap and bytecraft. Staticlayer serves as a backend component that delivers payloads to clients presenting a specific user agent associated with the malware. Security experts advised users who installed any of the identified packages to remove them immediately, delete associated artifacts, and rotate credentials from affected development systems. The findings also align with a separate supply-chain compromise targeting the gonex-AI/Understand-Anything knowledge graph project, which was used to distribute a malicious payload capable of communicating with multiple command-and-control servers, decrypting downloaded code, and obtaining additional instructions through blockchain-based infrastructure. Researchers linked the activity to tactics associated with the North Korea-linked PolinRider operation, which has previously injected obfuscated JavaScript into legitimate developer configuration files across nearly 2,000 compromised GitHub repositories to distribute BeaverTail malware and the InvisibleFerret backdoor. SafeDep stated that the latest campaign combines deceptive pull request content, malicious code concealed within horizontal whitespace, and a two-stage command structure that uses public blockchain infrastructure as a resilient communication channel, creating additional challenges for detection and response efforts.
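The whitespace-concealment technique mentioned above is a good candidate for a mechanical pull-request check, because hand-written configuration files almost never contain code that resumes after a long run of spaces. The following is an added example, not code from the article, from SafeDep or from the affected project, of such a reviewer-side check. It assumes (an assumption, not a detail the article gives) that the concealment works by pushing the injected code far to the right of the visible editor width; the thresholds and the sample file are constructed, and the hidden expression is a labelled placeholder rather than real injected code.

```javascript
// Added example, not from the article or SafeDep: a reviewer-side check for code
// hidden behind long runs of horizontal whitespace in a configuration file.
// Assumption (not from the article): the hiding technique pushes the payload far
// past the visible editor width on an otherwise ordinary-looking line.
// Thresholds and sample content are constructed.

const MIN_GAP = 40;     // a run of this many spaces/tabs mid-line is treated as suspicious
const WIDE_LINE = 200;  // lines this long rarely occur in hand-written configuration

// Scans file text and returns one finding per suspicious line:
// { line, gap, length, visible, hidden } where `visible` is the part a reviewer
// would see at normal width and `hidden` is the code that resumes after the gap.
function findHiddenCode(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((line, idx) => {
    let gap = 0;
    let hiddenAt = -1;
    // Runs of two or more spaces/tabs that are followed by more content on the line.
    for (const m of line.matchAll(/[ \t]{2,}(?=\S)/g)) {
      if (m.index === 0) continue; // leading indentation is normal
      if (m[0].length > gap) {
        gap = m[0].length;
        hiddenAt = m.index + m[0].length;
      }
    }
    if (gap >= MIN_GAP || line.length >= WIDE_LINE) {
      findings.push({
        line: idx + 1,
        gap,
        length: line.length,
        visible: (hiddenAt >= 0 ? line.slice(0, hiddenAt - gap) : line.slice(0, 60)).trimEnd(),
        hidden: hiddenAt >= 0 ? line.slice(hiddenAt, hiddenAt + 60) : '',
      });
    }
  });
  return findings;
}

// Constructed sample: a small build config whose third line carries an expression
// pushed 120 columns to the right. HIDDEN_PAYLOAD_PLACEHOLDER stands in for real code.
const SAMPLE_CONFIG = [
  'module.exports = {',
  "  entry: './src/index.js',",
  "  mode: 'production'," + ' '.repeat(120) + 'eval(HIDDEN_PAYLOAD_PLACEHOLDER);',
  '};',
].join('\n');

for (const f of findHiddenCode(SAMPLE_CONFIG)) {
  console.log(`line ${f.line}: ${f.gap} blank columns, then: ${f.hidden}`);
}
```

In a CI setting the same function can be run over every changed file in a pull request, with the `visible` and `hidden` fields quoted in the review comment so that the reviewer sees both what the diff viewer showed and what it did not.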
