New PhantomRaven NPM attack wave steals dev data via 88 packages

New waves of the PhantomRaven supply-chain campaign are targeting the npm registry with dozens of malicious packages designed to exfiltrate sensitive data from JavaScript developers. Researchers found the attacks use slopsquatting and Remote Dynamic Dependencies to bypass scanners and steal configuration files, CI/CD tokens, and environment variables. #PhantomRaven #npm

Keypoints

  • PhantomRaven published dozens of malicious npm packages across four observed waves, many still available in the registry.
  • Koi uncovered the campaign in October 2025 and Endor Labs found three additional waves distributing 88 packages via disposable accounts.
  • Attackers used slopsquatting and LLM-like package names to impersonate projects such as Babel and GraphQL Codegen.
  • The campaign leverages Remote Dynamic Dependencies in package.json to fetch and execute malware from external servers, evading automated inspection.
  • The payload harvests .gitconfig, .npmrc, environment variables, CI/CD tokens and system fingerprints, and exfiltrates the collected data to attacker-controlled C2 servers.
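
The Remote Dynamic Dependency technique in the keypoints above relies on a package.json dependency value that is a URL (HTTP tarball, git remote or host shorthand) rather than a registry version range, so npm fetches the code from a server the attacker controls instead of from the registry. A defender can spot that pattern before `npm install` runs. The following audit script is an added example written for this summary; it is not code from the article, from Koi, or from Endor Labs. The sample package.json, the `example.invalid` hosts and all package names in it are constructed placeholders, and the classification rules are a heuristic of the author of this example, not a list published by the researchers.

```javascript
// Added example (not from the article): audit a package.json for
// dependency specifiers that npm would resolve outside the registry,
// i.e. the "Remote Dynamic Dependency" pattern described above.
// Plain semver ranges ("^1.2.3", "~2.0.0", "5.x", "latest") are treated
// as normal registry installs; URLs, git remotes, host shorthands,
// tarballs and local paths are reported for review.

const DEP_FIELDS = [
  "dependencies",
  "devDependencies",
  "optionalDependencies",
  "peerDependencies",
];

// Classify one dependency specifier string.
function classifySpec(spec) {
  if (typeof spec !== "string") return "unknown";
  const s = spec.trim();
  if (/^workspace:/i.test(s)) return "workspace"; // monorepo-local, not remote
  if (/^https?:\/\//i.test(s)) return "http-url"; // tarball fetched from a URL
  if (/^(git\+)?(ssh|https?|git|file):\/\//i.test(s)) return "git-url";
  if (/^(github|gitlab|bitbucket|gist):/i.test(s)) return "git-shorthand";
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) return "git-shorthand"; // "owner/repo"
  if (/^file:/i.test(s) || /^\.{0,2}\//.test(s) || /\.(tgz|tar\.gz)$/i.test(s)) {
    return "local-or-tarball";
  }
  if (/^npm:/i.test(s)) return "alias"; // registry alias; worth a look, not remote
  return "registry";
}

// Walk every dependency table and collect anything that is not a plain
// registry range. Each finding records where it was found and why.
function findRemoteDependencies(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    const deps = pkg[field];
    if (!deps || typeof deps !== "object") continue;
    for (const [name, spec] of Object.entries(deps)) {
      const kind = classifySpec(spec);
      if (kind === "registry" || kind === "workspace") continue;
      findings.push({ field, name, spec, kind });
    }
  }
  return findings;
}

// Convenience wrapper for raw package.json text.
function auditPackageJson(text) {
  return findRemoteDependencies(JSON.parse(text));
}

// Constructed sample package.json: two registry deps, three remote ones,
// one local path. Hosts under example.invalid are placeholders.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    express: "^4.18.2",
    lodash: "~4.17.21",
    "helper-lib": "https://example.invalid/pkg/helper-lib-1.0.0.tgz",
    "some-fork": "git+https://example.invalid/org/some-fork.git#main",
    shorthand: "someorg/somerepo",
  },
  devDependencies: {
    typescript: "5.4.x",
    "local-tool": "file:../local-tool",
  },
});

// When run directly, print the findings for the constructed sample.
// Swap SAMPLE_PACKAGE_JSON for fs.readFileSync("package.json", "utf8")
// to audit a real project.
if (typeof require !== "undefined" && require.main === module) {
  for (const f of auditPackageJson(SAMPLE_PACKAGE_JSON)) {
    console.log(`[${f.kind}] ${f.field}.${f.name} -> ${f.spec}`);
  }
}
```

A URL or git dependency is not proof of compromise (legitimate forks use the same syntax), so treat a hit as a triage signal: confirm the host and the commit or tarball hash against what the project intends, and run the same check in CI so a newly introduced remote dependency blocks the build rather than installing silently. The lockfile's `resolved` fields can be checked with the same classification to catch transitive dependencies that package.json alone does not show.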

Read More: https://www.bleepingcomputer.com/news/security/new-phantomraven-npm-attack-wave-steals-dev-data-via-88-packages/