A sophisticated supply-chain phishing campaign in early September 2025 compromised as many as 20 popular npm packages that together account for 2.67 billion weekly downloads, injecting JavaScript that intercepts and redirects multi-chain cryptocurrency transactions. The attack used a cleanly configured domain (npmjs.help) and AI-assisted phishing content to bypass conventional defenses, and exfiltrated credentials and 2FA codes to websocket-api2[.]publicvm.com. #npmjs.help #websocket-api2.publicvm.com
Key points
- Approximately 20 npm packages were compromised in a supply-chain attack; together they account for 2.67 billion weekly downloads and over 130.765 billion downloads across all versions.
- The attack originated from a targeted phishing campaign against npm maintainers (including Josh Junon, qix) that used the domain npmjs.help and legitimate-looking emails.
- Attackers used clean email infrastructure (SPF/DKIM/DMARC passed, non-blacklisted IP) and AI-generated content (70–80% likelihood) to evade detection.
- Malicious code implemented a browser-side “stealth proxy” to intercept Web3 wallet APIs (fetch, XMLHttpRequest, window.ethereum.request, Solana signing methods) and rewrite transaction recipients to attacker-controlled addresses.
- The malware targeted six blockchains (Ethereum, Bitcoin, Solana, Tron, Litecoin, Bitcoin Cash), included 280 hardcoded attacker wallets, and used Levenshtein distance to pick the substitute address that most closely resembled the original recipient so the swap was hard to notice.
- Credential theft and 2FA interception were performed via a fake npm login page that exfiltrated credentials and tokens to websocket-api2[.]publicvm.com.
- Detection recommendations emphasize AI-driven contextual, linguistic, and visual analysis (relationship graphs, natural language intent classification, phishing site comparison) rather than relying solely on traditional indicators.
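One defensive integrity check a web application can run against the API wrapping described above, as an added example that is not code from the Varonis post. It flags plain JavaScript wrappers placed over browser-native APIs (fetch, XMLHttpRequest.prototype.open/send) by inspecting the intrinsic Function.prototype.toString output, and, because wallet providers such as window.ethereum are extension-supplied JavaScript rather than native code, it separately records their original function references early and later verifies they are unchanged. The path lists and finding shapes are this example's own assumptions.

```javascript
// Matches the body V8/SpiderMonkey produce for platform-implemented functions.
const NATIVE_BODY = /\{\s*\[native code\]\s*\}\s*$/;

// Resolve a dotted path such as "XMLHttpRequest.prototype.open" against a root object
// (window in a browser; any object in tests).
function resolvePath(root, path) {
  return path.split(".").reduce((o, k) => (o == null ? undefined : o[k]), root);
}

// Calling the intrinsic toString bypasses a wrapper's own .toString() override that
// tries to return a fake "[native code]" string. Caveat: a Proxy around a native
// function also reports as native, so combine this with the snapshot check below.
function isNativeFunction(fn) {
  return typeof fn === "function" && NATIVE_BODY.test(Function.prototype.toString.call(fn));
}

// Check APIs the browser itself implements. Returns findings ({api, reason});
// an empty array means nothing looked replaced.
function auditNativeApis(root, paths) {
  const findings = [];
  for (const path of paths) {
    const fn = resolvePath(root, path);
    if (fn === undefined) continue; // API absent on this platform: nothing to check
    if (!isNativeFunction(fn)) findings.push({ api: path, reason: "non-native implementation" });
    else if (Object.prototype.hasOwnProperty.call(fn, "toString"))
      findings.push({ api: path, reason: "own toString override" });
  }
  return findings;
}

// Wallet provider methods are extension JavaScript, not native code, so for them
// capture the function references as early as possible (before app code runs) ...
function snapshotApis(root, paths) {
  return new Map(paths.map((p) => [p, resolvePath(root, p)]));
}

// ... and verify later (e.g. right before a signing request) that the live objects
// still point at the same functions.
function verifySnapshot(root, snapshot) {
  const findings = [];
  for (const [path, original] of snapshot) {
    if (resolvePath(root, path) !== original)
      findings.push({ api: path, reason: "function reference replaced" });
  }
  return findings;
}

// Assumed default path lists; adjust to the wallets the application integrates with.
const NATIVE_PATHS = ["fetch", "XMLHttpRequest.prototype.open", "XMLHttpRequest.prototype.send"];
const WALLET_PATHS = ["ethereum.request", "solana.signTransaction", "solana.signAllTransactions"];
```

Because the interceptor ships inside the application's own bundle and runs on page load, these runtime checks only help when they execute before the compromised dependency does; pinning and verifying dependency versions at build time remains the primary control.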
MITRE Techniques
- [T1566] Phishing – Attackers sent targeted emails from npmjs.help using valid SPF/DKIM/DMARC to appear legitimate and lure maintainers (“Authentication-Results: … dkim=pass … spf=pass … dmarc=pass (policy=none) header.from=npmjs.help”).
- [T1586] Compromise Software Supply Chain – Malicious code was injected into popular npm packages to distribute a crypto-interceptor across millions of users (“one of the largest supply chain attacks … 20 popular npm packages being compromised”).
- [T1204] User Execution – The malicious package executed browser-side JavaScript that wrapped Web APIs and wallet methods on page load to perform interception (“Upon page load, the code activates within the user’s browser and wraps critical web APIs, including: fetch(), XMLHttpRequest, window.ethereum.request()”).
- [T1056] Input Capture – The fake npm login page captured credentials and 2FA tokens and sent them to the attacker server (“The fake NPM page captures the username and password … sending them to websocket-api2[.]publicvm.com”).
- [T1606] Forge Web Credentials – The phishing site replicated the legitimate npmjs.com login page (pixel-perfect replica) to harvest credentials and recovery codes (“The site was a pixel-perfect replica of the legitimate NPM login page”).
- [T1486] Data Encrypted for Impact (Credential theft and 2FA exfiltration) – Credentials and 2FA/recovery codes were collected and transmitted to attacker infrastructure for account takeover (“The full ‘params’ format includes username, password, and 2fa token … send the data to the attacker’s server-side function”).
- [T1598] Phishing for Information – AI-generated, generic corporate language with no personalization was used to increase the success of credential harvesting (“Polished, formal tone … Generic corporate language … No personalization”).
- [T1556] Modify Cloud/Storage Object (Code Manipulation) – The malicious package modified frontend bundles by injecting obfuscated JavaScript that alters transaction payloads and token approvals (“malicious package versions contain obfuscated JavaScript that silently injects a browser-side interceptor into frontend bundles”).
Indicators of Compromise
- [Domain] Phishing domain used to send the emails and host the fake login site – npmjs.help
- [Domain] Exfiltration endpoint – websocket-api2.publicvm.com
- [Wallet Address] Attacker-controlled Ethereum address observed with funds – 0xFc4a4858bafef54D1b1d7697bfb5c52F4c166976
- [File/Package Names] Example compromised or notable npm packages – vue-toasted (ebrandel), Mrasup, coliff, shakee93 (and other package names referenced)
- [Email Authentication Headers] Examples showing passed auth results – “dkim=pass header.d=npmjs.help”, “spf=pass smtp.mailfrom=ndr-cbbfcb00-8c4d-11f0-0040-f184d6629049@mt86.npmjs.help”
Read more: https://www.varonis.com/blog/npm-hijacking