Cybersecurity researchers have uncovered a sophisticated supply chain attack on the npm registry, named PhantomRaven, that uses over 100 malicious packages designed to steal sensitive developer information. The attack exploits hidden dependencies and AI-generated package names to bypass security measures.
Key points
- The PhantomRaven campaign began in August 2025, and its 126 malicious npm packages have been downloaded over 86,000 times.
- The attacker hides malicious code in dependencies that are fetched from an untrusted URL, bypassing npmjs.com security checks.
- The malware aims to exfiltrate developer environment details, including email addresses, IPs, and CI/CD secrets.
- The attack leverages slopsquatting and AI-generated package names to deceive developers and exploit automated security tools.
- Lifecycle scripts execute malicious payloads during package installation, enabling stealthy and persistent attacks.
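The following Node.js code is an added example, not part of the original article or of any vendor tooling. It audits a parsed `package.json` and `package-lock.json` for the two mechanisms listed above: dependencies sourced from a URL outside the npm registry, and install-time lifecycle scripts. The function names, package names and the `example.invalid` host are constructed for illustration.

```javascript
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Specifiers that npm fetches from somewhere other than the registry.
const REMOTE_SPEC = /^(https?:|git(\+[a-z]+)?:|github:)/i;
// manifest: a parsed package.json object.
function auditManifest(manifest) {
  const pkg = manifest.name || "<unnamed>";
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [dep, spec] of Object.entries(manifest[field] || {})) {
      if (typeof spec === "string" && REMOTE_SPEC.test(spec.trim())) {
        findings.push({ pkg, type: "remote-dependency", detail: `${dep} -> ${spec}` });
      }
    }
  }
  for (const hook of INSTALL_HOOKS) {
    const cmd = (manifest.scripts || {})[hook];
    if (cmd) findings.push({ pkg, type: "lifecycle-script", detail: `${hook}: ${cmd}` });
  }
  return findings;
}
// lock: a parsed package-lock.json (lockfileVersion 2 or 3, which has a "packages" map).
function auditLockfile(lock, allowedHosts = ["registry.npmjs.org"]) {
  const findings = [];
  for (const [pkg, entry] of Object.entries(lock.packages || {})) {
    if (!entry.resolved || entry.link) continue; // root project, workspace links
    let host = null;
    try { host = new URL(entry.resolved).host; } catch (e) { /* not a URL */ }
    if (!host || !allowedHosts.includes(host)) {
      findings.push({ pkg, type: "non-registry-source", detail: entry.resolved });
    }
    if (entry.hasInstallScript) findings.push({ pkg, type: "lifecycle-script", detail: "hasInstallScript" });
  }
  return findings;
}
// Constructed sample input; names and the example.invalid host are made up.
const SAMPLE_MANIFEST = {
  name: "sample-ui-kit",
  dependencies: { "left-pad": "^1.3.0", "ui-styles-pkg": "http://packages.example.invalid/npm/ui-styles-pkg" },
  scripts: { preinstall: "node index.js", test: "node test.js" },
};
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "app", version: "1.0.0" },
  "node_modules/left-pad": { version: "1.3.0", resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz" },
  "node_modules/ui-styles-pkg": { version: "1.0.0", resolved: "http://packages.example.invalid/npm/ui-styles-pkg", hasInstallScript: true },
} };
console.log(auditManifest(SAMPLE_MANIFEST), auditLockfile(SAMPLE_LOCK));
```

Running the lockfile check in CI catches URL-sourced packages that arrive transitively, which a review of the top-level `package.json` alone would not show.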
Read More: https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html