Keypoints
- FortiGuard Labs discovered numerous malicious packages on the NPM registry that run code during package install (pre/post-install scripts).
- Malicious install scripts perform system fingerprinting and search for sensitive artifacts including Kubernetes configs, SSH keys, source code, and user home directories.
- Exfiltration methods observed include Discord webhooks, HTTP requests to attacker-controlled URLs, archiving and FTP uploads, and downloading/executing binaries to disk.
- Some packages disable TLS validation (NODE_TLS_REJECT_UNAUTHORIZED=0), weakening transport security and increasing risk of interception.
- Multiple distinct code styles/patterns were grouped into sets, each reusing similar script behaviors but differing in implementation (index.js, index.mjs, installer.js).
- FortiGuard AntiVirus and FortiDevSec SCA detect and block these samples and their download URLs; AV signatures and MD5 hashes are published in the report.
MITRE Techniques
- [T1195] Supply Chain Compromise – Hidden malicious install scripts in npm packages run automatically during installation (‘most of these malicious packages use install scripts that run pre or post-install’).
- [T1059.006] Command and Scripting Interpreter: JavaScript – Malicious JavaScript in package entry scripts executes to collect system/user data (‘it exfiltrates sensitive data… gathers basic system fingerprinting details, like username, IP address, and hostname’).
- [T1083] File and Directory Discovery – Scripts scan for targeted files and directories (e.g., application configs, source code, service credentials) to identify sensitive artifacts (‘It scans for particular files and directories that may contain sensitive information’).
- [T1105] Ingress Tool Transfer – Some packages automatically download and execute additional binaries to disk (e.g., saving an executable to C:/ and running it) (‘This package automatically downloads and executes a potentially malicious executable file from a URL to a C:/ directory’).
- [T1041] Exfiltration Over C2 Channel – Data is exfiltrated using Discord webhooks and remote HTTP endpoints to transmit harvested information (‘uses a Discord webhook to exfiltrate sensitive data, such as system information, username, and folder contents’).
- [T1048] Exfiltration Over Alternative Protocol – Collected files are archived and uploaded to an FTP server for exfiltration (‘It then archives these files and directories and uploads the resulting archives to an FTP server’).
Indicators of Compromise
- [Package name] malicious NPM packages – @zola-helpers/client, @next-translate-root/i18n, discorddd.jss, @expue/webpack, and others (multiple versions listed in the report).
- [File names] installer/entry scripts used – index.js, index.mjs, installer.js (these scripts perform the collection and exfiltration).
- [Hashes] MD5 examples for malicious files – e905c2915762e6c1fa57ff3b444411da (@zola-helpers/client-1.0.1 index.mjs), 1b80da13c2d440b51de3e3b1f84b30b6 (@dtx-company/flowcode-generator-types index.js), and many other MD5s published in the report.
- [Behavioral IOC] network exfiltration endpoints and services – use of Discord webhooks, HTTP GET requests with query parameters, and FTP servers to receive archived data (specific URLs not shown in article text).
FortiGuard Labs identified multiple malicious NPM packages that embed data-stealing logic into their install-time scripts. These scripts (found as index.js, index.mjs, installer.js) execute during npm install and perform local discovery for sensitive artifacts—searching for Kubernetes configuration files, SSH keys, application/source directories and user home contents—then collect basic system fingerprints (username, hostname, public IP) to accompany stolen files.
Exfiltration techniques observed vary by package family: several use Discord webhooks to POST harvested data and folder listings; others issue HTTP GET requests to attacker-controlled endpoints with query parameters, bundle found files into archives and upload them to FTP servers, and some download and execute additional binaries placed into C:. A noted weakness deployed by some samples is setting NODE_TLS_REJECT_UNAUTHORIZED=0, which disables TLS certificate validation and exposes exfiltration traffic to interception or man-in-the-middle manipulation.
Fortinet’s technical mitigations include published AV signatures (per-package detections and MD5 hashes) and FortiDevSec SCA scans to catch malicious dependencies during development/testing. Operationally, defenders should scan package install scripts, block known malicious download/exfil endpoints, verify TLS settings, and apply SCA/AV protections to prevent these supply-chain-style install-time attacks.
Read more: https://www.fortinet.com/blog/threat-research/malicious-packages-hiddin-in-npm