Leaked Shai-Hulud malware fuels new npm infostealer campaign

New malicious npm packages have been found carrying a leaked Shai-Hulud clone that steals developer credentials, secrets, crypto wallet data, and account information. One of the packages also adds DDoS botnet functionality, and the activity is linked to the TeamPCP campaign and the suspected “phantom bot.”

Key points

  • Four malicious npm packages were published by the account deadcode09284814.
  • One package contained a leaked Shai-Hulud clone with no obfuscation.
  • The malware stole credentials, secrets, wallet data, and account information.
  • The axois-utils package also included HTTP, TCP, UDP, and TCP reset DDoS features.
  • OXsecurity said the packages were downloaded 2,678 times and advised removing them immediately.

Read More: https://www.bleepingcomputer.com/news/security/leaked-shai-hulud-malware-fuels-new-npm-infostealer-campaign/