Maintainers of popular software packages, widely used to build large services and enterprise systems, have fallen victim to attackers.

The second-largest attack on the NPM infrastructure: why did it happen again?

03.12.2025


Recently, another major attack hit the NPM ecosystem. Malicious code was hidden inside popular packages that developers install in their projects. This code secretly collected sensitive data, including access keys, passwords, tokens, and environment variables — everything that could be used to break into accounts or servers. GetBlock AML Research explains how the attackers managed to pull off yet another attack on the NPM infrastructure.


How the attack was carried out

Take the @asyncapi/[email protected] package as an example.

If you compare it with the previous version, you can see that two suspicious files have been added to the new version: setup_bun.js and the hidden file bun_environment.js.

New file in the repository.

A new script was added to the package.json file, which automatically runs setup_bun.js when the package is installed.

Malicious script code.

This script did the following:

  • checked whether a tool called Bun was installed on the computer and, if not, downloaded and installed it itself;
  • configured the system so that Bun would run without any problems;
  • launched a second file, bun_environment.js, through Bun; this file was the main malicious code.

After partial decryption, it became clear that this file:

  • checked whether NPM or GitHub tokens were present on the computer;
  • if they were, attempted a supply-chain infection, i.e., republishing the packages the victim publishes with the malicious code added;
  • collected information about the system and uploaded everything to a GitHub repository controlled by the attacker.

What data were they hunting for

1. Cloud service data (AWS, GCP, Azure)

The script searched for credentials for three major cloud platforms.

With every key and login it found, it went into each secret store (AWS Secrets Manager, Azure Key Vault, etc.) and pulled out the latest versions of the confidential data held there:

  • passwords
  • API keys
  • database data
  • keys for accessing services
  • any “secret strings”

2. Data from the computer

The attackers bundled a legitimate tool that is normally used to find accidentally leaked keys in source code. Here it was turned against the victim: it was run over the victim’s own device to harvest whatever secrets were stored on it.

How the attack spread

The script enumerated the NPM packages the victim had publishing rights to and, for each of them:

  • downloaded the source code of the legitimate package;
  • replaced package.json in it, adding a malicious script;
  • bumped the package version (so that users would pick up the new release as an automatic update);
  • published the infected version to NPM.

This allowed the infection to spread further, like a chain reaction.

Remote control of the victim’s computer

In addition to stealing data, the script created a new GitHub repository on behalf of the victim and registered the victim’s computer as a self-hosted GitHub Actions runner, i.e., a machine that executes workflow jobs.

The attacker then added a hidden script to that repository so that, whenever the Actions job ran, the victim’s computer executed whatever commands the attacker supplied. This gave them almost complete remote control over the infected devices.

Conclusion

This attack was particularly dangerous because it combined:

  • automatic distribution via NPM packages,
  • deep theft of secrets from clouds,
  • and use of the victim’s computer as a remote “command executor.”

Developers are advised to:

  • pin dependency versions exactly, rather than using ranges that pull in new releases automatically;
  • update packages only after verifying the new version;
  • not install new versions “blindly.”

Full list of infected packages

  • 02-echo-0.0.7.tgz
  • accordproject_concerto-linter-default-ruleset-3.24.1.tgz
  • accordproject_concerto-metamodel-3.12.5.tgz
  • accordproject_concerto-types-3.24.1.tgz
  • accordproject_markdown-it-cicero-0.16.26.tgz
  • accordproject_template-engine-2.7.2.tgz
  • actbase_css-to-react-native-transform-1.0.3.tgz
  • actbase_native-0.1.32.tgz
  • actbase_node-server-1.1.19.tgz
  • actbase_react-absolute-0.8.3.tgz
  • actbase_react-daum-postcode-1.0.5.tgz
  • actbase_react-kakaosdk-0.9.27.tgz
  • actbase_react-native-actionsheet-1.0.3.tgz
  • actbase_react-native-devtools-0.1.3.tgz
  • actbase_react-native-fast-image-8.5.13.tgz
  • actbase_react-native-kakao-channel-1.0.2.tgz
  • actbase_react-native-kakao-navi-2.0.4.tgz
  • actbase_react-native-less-transformer-1.0.6.tgz
  • actbase_react-native-naver-login-1.0.1.tgz
  • actbase_react-native-simple-video-1.0.13.tgz
  • actbase_react-native-tiktok-1.1.3.tgz
  • antstackio_eslint-config-antstack-0.0.3.tgz
  • antstackio_express-graphql-proxy-0.2.8.tgz
  • antstackio_json-to-graphql-1.0.3.tgz
  • antstackio_shelbysam-1.1.7.tgz
  • aryanhussain_my-angular-lib-0.0.23.tgz
  • asyncapi_avro-schema-parser-3.0.26.tgz
  • asyncapi_bundler-0.6.6.tgz
  • asyncapi_cli-4.1.3.tgz
  • asyncapi_converter-1.6.4.tgz
  • asyncapi_generator-2.8.6.tgz
  • asyncapi_generator-components-0.3.3.tgz
  • asyncapi_generator-helpers-0.2.2.tgz
  • asyncapi_java-spring-template-1.6.2.tgz
  • asyncapi_keeper-0.0.3.tgz
  • asyncapi_modelina-5.10.3.tgz
  • asyncapi_multi-parser-2.2.2.tgz
  • asyncapi_nunjucks-filters-2.1.2.tgz
  • asyncapi_openapi-schema-parser-3.0.26.tgz
  • asyncapi_optimizer-1.0.6.tgz
  • asyncapi_parser-3.4.2.tgz
  • asyncapi_protobuf-schema-parser-3.5.3.tgz
  • asyncapi_react-component-2.6.7.tgz
  • asyncapi_specs-6.8.3.tgz
  • asyncapi_studio-1.0.3.tgz
  • clausehq_flows-step-mqtt-0.1.14.tgz
  • clausehq_flows-step-sendgridemail-0.1.14.tgz
  • clausehq_flows-step-taskscreateurl-0.1.14.tgz
  • dev-blinq_cucumber-js-1.0.131.tgz
  • dev-blinq_cucumber_client-1.0.738.tgz
  • ensdomains_address-encoder-1.1.5.tgz
  • ensdomains_blacklist-1.0.1.tgz
  • ensdomains_ccip-read-dns-gateway-0.1.1.tgz
  • ensdomains_ccip-read-worker-viem-0.0.4.tgz
  • ensdomains_curvearithmetics-1.0.1.tgz
  • ensdomains_cypress-metamask-1.2.1.tgz
  • ensdomains_hardhat-chai-matchers-viem-0.1.15.tgz
  • ensdomains_hardhat-toolbox-viem-extended-0.0.6.tgz
  • ensdomains_renewal-0.0.13.tgz
  • ensdomains_server-analytics-0.0.2.tgz
  • ensdomains_subdomain-registrar-0.2.4.tgz
  • ensdomains_test-utils-1.3.1.tgz
  • ensdomains_thorin-0.6.51.tgz
  • ensdomains_ui-3.4.6.tgz
  • ensdomains_vite-plugin-i18next-loader-4.0.4.tgz
  • ensdomains_web3modal-1.10.2.tgz
  • everreal_validate-esmoduleinterop-imports-1.4.4.tgz
  • everreal_validate-esmoduleinterop-imports-1.4.5.tgz
  • everreal_web-analytics-0.0.1.tgz
  • everreal_web-analytics-0.0.2.tgz
  • faq-component_core-0.0.4.tgz
  • faq-component_react-1.0.1.tgz
  • hapheus_n8n-nodes-pgp-1.5.1.tgz
  • hover-design_core-0.0.1.tgz
  • ifelsedeveloper_protocol-contracts-svm-idl-0.1.2.tgz
  • kvytech_cli-0.0.7.tgz
  • kvytech_components-0.0.2.tgz
  • kvytech_habbit-e2e-test-0.0.2.tgz
  • kvytech_medusa-plugin-announcement-0.0.8.tgz
  • kvytech_medusa-plugin-management-0.0.5.tgz
  • kvytech_medusa-plugin-newsletter-0.0.5.tgz
  • kvytech_medusa-plugin-product-reviews-0.0.9.tgz
  • kvytech_medusa-plugin-promotion-0.0.2.tgz
  • kvytech_web-0.0.2.tgz
  • lessondesk_schoolbus-5.2.3.tgz
  • markvivanco_app-version-checker-1.0.1.tgz
  • markvivanco_app-version-checker-1.0.2.tgz
  • mcp-use_cli-2.2.6.tgz
  • mcp-use_cli-2.2.7.tgz
  • mcp-use_inspector-0.6.2.tgz
  • mcp-use_inspector-0.6.3.tgz
  • mcp-use_mcp-use-1.0.1.tgz
  • mcp-use_mcp-use-1.0.2.tgz
  • ntnx_passport-wso2-0.0.3.tgz
  • ntnx_t-0.0.101.tgz
  • orbitgtbelgium_mapbox-gl-draw-cut-polygon-mode-2.0.5.tgz
  • orbitgtbelgium_mapbox-gl-draw-scale-rotate-mode-1.1.1.tgz
  • orbitgtbelgium_orbit-components-1.2.9.tgz
  • orbitgtbelgium_time-slider-1.0.187.tgz
  • osmanekrem_bmad-1.0.6.tgz
  • osmanekrem_error-handler-1.2.2.tgz
  • posthog_core-1.5.6.tgz
  • posthog_currency-normalization-plugin-0.0.8.tgz
  • posthog_databricks-plugin-0.0.8.tgz
  • posthog_drop-events-on-property-plugin-0.0.8.tgz
  • posthog_filter-out-plugin-0.0.8.tgz
  • posthog_first-time-event-tracker-0.0.8.tgz
  • posthog_heartbeat-plugin-0.0.8.tgz
  • posthog_hedgehog-mode-0.0.42.tgz
  • posthog_maxmind-plugin-0.1.6.tgz
  • posthog_nextjs-0.0.3.tgz
  • posthog_pagerduty-plugin-0.0.8.tgz
  • posthog_piscina-3.2.1.tgz
  • posthog_plugin-server-1.10.8.tgz
  • posthog_postgres-plugin-0.0.8.tgz
  • posthog_rrweb-0.0.31.tgz
  • posthog_rrweb-player-0.0.31.tgz
  • posthog_rrweb-record-0.0.31.tgz
  • posthog_rrweb-replay-0.0.19.tgz
  • posthog_taxonomy-plugin-0.0.8.tgz
  • posthog_twitter-followers-plugin-0.0.8.tgz
  • posthog_variance-plugin-0.0.8.tgz
  • posthog_web-dev-server-1.0.5.tgz
  • posthog_wizard-1.18.1.tgz
  • postman_aether-icons-2.23.2.tgz
  • postman_aether-icons-2.23.3.tgz
  • postman_aether-icons-2.23.4.tgz
  • postman_csv-parse-4.0.4.tgz
  • postman_csv-parse-4.0.5.tgz
  • postman_final-node-keytar-7.9.1.tgz
  • postman_final-node-keytar-7.9.2.tgz
  • postman_final-node-keytar-7.9.3.tgz
  • postman_mcp-ui-client-5.5.1.tgz
  • postman_mcp-ui-client-5.5.2.tgz
  • postman_mcp-ui-client-5.5.3.tgz
  • postman_node-keytar-7.9.4.tgz
  • postman_node-keytar-7.9.5.tgz
  • postman_node-keytar-7.9.6.tgz
  • postman_pm-bin-linux-x64-1.24.3.tgz
  • postman_pm-bin-linux-x64-1.24.4.tgz
  • postman_pm-bin-linux-x64-1.24.5.tgz
  • postman_pm-bin-macos-arm64-1.24.3.tgz
  • postman_pm-bin-macos-arm64-1.24.4.tgz
  • postman_pm-bin-macos-arm64-1.24.5.tgz
  • postman_pm-bin-macos-x64-1.24.3.tgz
  • postman_pm-bin-macos-x64-1.24.4.tgz
  • postman_pm-bin-macos-x64-1.24.5.tgz
  • postman_pm-bin-windows-x64-1.24.3.tgz
  • postman_pm-bin-windows-x64-1.24.4.tgz
  • postman_pm-bin-windows-x64-1.24.5.tgz
  • postman_postman-collection-fork-4.3.3.tgz
  • postman_postman-collection-fork-4.3.4.tgz
  • postman_postman-collection-fork-4.3.5.tgz
  • postman_postman-mcp-cli-1.0.3.tgz
  • postman_postman-mcp-cli-1.0.4.tgz
  • postman_postman-mcp-server-2.4.11.tgz
  • postman_postman-mcp-server-2.4.12.tgz
  • postman_pretty-ms-6.1.1.tgz
  • postman_pretty-ms-6.1.2.tgz
  • postman_pretty-ms-6.1.3.tgz
  • postman_secret-scanner-wasm-2.1.2.tgz
  • postman_secret-scanner-wasm-2.1.3.tgz
  • postman_secret-scanner-wasm-2.1.4.tgz
  • postman_tunnel-agent-0.6.5.tgz
  • postman_tunnel-agent-0.6.6.tgz
  • postman_wdio-allure-reporter-0.0.7.tgz
  • postman_wdio-allure-reporter-0.0.8.tgz
  • postman_wdio-allure-reporter-0.0.9.tgz
  • postman_wdio-junit-reporter-0.0.4.tgz
  • postman_wdio-junit-reporter-0.0.5.tgz
  • postman_wdio-junit-reporter-0.0.6.tgz
  • pradhumngautam_common-app-1.0.2.tgz
  • pruthvi21_use-debounce-1.0.3.tgz
  • seezo_sdr-mcp-server-0.0.5.tgz
  • seung-ju_next-0.0.2.tgz
  • seung-ju_openapi-generator-0.0.4.tgz
  • seung-ju_react-hooks-0.0.2.tgz
  • seung-ju_react-native-action-sheet-0.2.1.tgz
  • voiceflow_api-sdk-3.28.58.tgz
  • voiceflow_backend-utils-5.0.1.tgz
  • voiceflow_backend-utils-5.0.2.tgz
  • voiceflow_chat-types-2.14.58.tgz
  • voiceflow_common-8.9.1.tgz
  • voiceflow_fetch-1.11.1.tgz
  • voiceflow_general-types-3.2.22.tgz
  • voiceflow_google-dfes-types-2.17.12.tgz
  • voiceflow_logger-2.4.2.tgz
  • voiceflow_logger-2.4.3.tgz
  • voiceflow_nestjs-mongodb-1.3.2.tgz
  • voiceflow_nestjs-rate-limit-1.3.3.tgz
  • voiceflow_nestjs-redis-1.3.2.tgz
  • voiceflow_runtime-client-js-1.17.2.tgz
  • voiceflow_sdk-runtime-1.43.1.tgz
  • voiceflow_slate-serializer-1.7.4.tgz
  • voiceflow_stitches-react-2.3.2.tgz
  • voiceflow_utils-designer-1.74.19.tgz
  • voiceflow_voice-types-2.10.58.tgz
  • zapier_ai-actions-0.1.19.tgz
  • zapier_babel-preset-zapier-6.4.2.tgz
  • zapier_browserslist-config-zapier-1.0.4.tgz
  • zapier_eslint-plugin-zapier-11.0.3.tgz
  • zapier_eslint-plugin-zapier-11.0.4.tgz
  • zapier_spectral-api-ruleset-1.9.2.tgz
  • ai-crowl-shield-1.0.7.tgz
  • automation_model-1.0.491.tgz
  • axios-timed-1.0.2.tgz
  • bytecode-checker-cli-1.0.9.tgz
  • bytecode-checker-cli-1.0.10.tgz
  • calc-loan-interest-1.0.4.tgz
  • claude-token-updater-1.0.3.tgz
  • coinmarketcap-api-3.1.2.tgz
  • coinmarketcap-api-3.1.3.tgz
  • colors-regex-2.0.1.tgz
  • command-irail-0.5.4.tgz
  • compare-obj-1.1.1.tgz
  • compare-obj-1.1.2.tgz
  • create-director-app-0.1.1.tgz
  • create-glee-app-0.2.3.tgz
  • create-hardhat3-app-1.1.2.tgz
  • create-hardhat3-app-1.1.3.tgz
  • create-mcp-use-app-0.5.3.tgz
  • create-mcp-use-app-0.5.4.tgz
  • designstudiouiux-1.0.1.tgz
  • discord-bot-server-0.1.2.tgz
  • docusaurus-plugin-vanilla-extract-1.0.3.tgz
  • drop-events-on-property-plugin-0.0.2.tgz
  • email-deliverability-tester-1.1.1.tgz
  • evm-checkcode-cli-1.0.13.tgz
  • evm-checkcode-cli-1.0.14.tgz
  • exact-ticker-0.3.5.tgz
  • expo-audio-session-0.2.1.tgz
  • fat-fingered-1.0.2.tgz
  • feature-flip-1.0.2.tgz
  • fittxt-1.0.3.tgz
  • gate-evm-check-code2-2.0.4.tgz
  • gate-evm-check-code2-2.0.5.tgz
  • gate-evm-check-code2-2.0.6.tgz
  • gate-evm-tools-test-1.0.6.tgz
  • gate-evm-tools-test-1.0.7.tgz
  • generator-ng-itobuz-0.0.15.tgz
  • gitsafe-1.0.5.tgz
  • go-template-0.1.9.tgz
  • hope-mapboxdraw-0.1.1.tgz
  • hopedraw-1.0.3.tgz
  • hover-design-prototype-0.0.5.tgz
  • ito-button-8.0.3.tgz
  • itobuz-angular-0.0.1.tgz
  • itobuz-angular-button-8.0.11.tgz
  • jquery-bindings-1.1.2.tgz
  • jquery-bindings-1.1.3.tgz
  • kill-port-2.0.3.tgz
  • lang-codes-1.0.2.tgz
  • mcp-use-1.4.2.tgz
  • mcp-use-1.4.3.tgz
  • medusa-plugin-logs-0.0.17.tgz
  • medusa-plugin-momo-0.0.68.tgz
  • medusa-plugin-product-reviews-kvy-0.0.4.tgz
  • medusa-plugin-zalopay-0.0.40.tgz
  • mon-package-react-typescript-1.0.1.tgz
  • ngx-useful-swiper-prosenjit-9.0.2.tgz
  • ngx-wooapi-12.0.1.tgz
  • okta-react-router-6-5.0.1.tgz
  • orbit-boxicons-2.1.3.tgz
  • orbit-nebula-draw-tools-1.0.10.tgz
  • orbit-nebula-editor-1.0.2.tgz
  • orbit-soap-0.43.13.tgz
  • orchestrix-12.1.2.tgz
  • parcel-plugin-asset-copier-1.1.3.tgz
  • pdf-annotation-0.0.2.tgz
  • poper-react-sdk-0.1.2.tgz
  • posthog-docusaurus-2.0.6.tgz
  • posthog-js-1.297.3.tgz
  • posthog-node-4.18.1.tgz
  • posthog-node-5.11.3.tgz
  • posthog-node-5.13.3.tgz
  • posthog-react-native-4.11.1.tgz
  • posthog-react-native-4.12.5.tgz
  • prime-one-table-0.0.19.tgz
  • ra-data-firebase-1.0.8.tgz
  • react-element-prompt-inspector-0.1.18.tgz
  • react-jam-icons-1.0.2.tgz
  • react-keycloak-context-1.0.8.tgz
  • react-keycloak-context-1.0.9.tgz
  • react-library-setup-0.0.6.tgz
  • react-micromodal.js-1.0.2.tgz
  • react-native-email-2.1.1.tgz
  • react-native-get-pixel-dimensions-1.0.1.tgz
  • react-native-google-maps-directions-2.1.2.tgz
  • react-native-retriable-fetch-2.0.2.tgz
  • react-native-view-finder-1.2.2.tgz
  • react-native-websocket-1.0.4.tgz
  • react-native-worklet-functions-3.3.3.tgz
  • redux-router-kit-1.2.3.tgz
  • skills-use-0.1.1.tgz
  • super-commit-1.0.1.tgz
  • tanstack-shadcn-table-1.1.5.tgz
  • tcsp-draw-test-1.0.5.tgz
  • tcsp-test-vd-2.4.4.tgz
  • template-micro-service-1.0.3.tgz
  • test-hardhat-app-1.0.2.tgz
  • test-hardhat-app-1.0.3.tgz
  • tiaan-1.0.2.tgz
  • undefsafe-typed-1.0.3.tgz
  • undefsafe-typed-1.0.4.tgz
  • url-encode-decode-1.0.1.tgz
  • web-scraper-mcp-1.1.4.tgz
  • zapier-async-storage-1.0.1.tgz
  • zapier-async-storage-1.0.2.tgz
  • zapier-platform-legacy-scripting-runner-4.0.3.tgz
  • zuper-cli-1.0.1.tgz
  • zuper-sdk-1.0.57.tgz
  • zuper-stream-2.0.9.tgz
