BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Four Malicious npm Packages Steal Data, Spread Botnet

Malicious npm packages deploy DDoS botnet and clone leaked worm to steal data.

  • Four malicious npm packages discovered distributing information-stealing malware and a DDoS botnet.
  • One package contains a clone of the open-source Shai-Hulud worm leaked by TeamPCP.
  • Attackers are exfiltrating data like SSH keys, wallet info, and credentials to specific remote servers.

Cybersecurity researchers have uncovered a new supply chain attack involving four malicious npm packages designed to steal information and deploy a distributed denial-of-service (DDoS) botnet. According to OX Security, one package is a direct clone of the “Shai-Hulud” worm source code recently leaked by TeamPCP. Consequently, this campaign highlights how open-source weaponization accelerates threats in the software ecosystem.

- Advertisement -

The identified packages, including “chalk-tempalte” and “axois-utils,” were uploaded by the same npm user “deadcode09284814” and remain downloadable. Analysis shows “axois-utils” delivers a Golang-based DDoS botnet called Phantom Bot, establishing persistence on Windows and Linux systems. Meanwhile, the other three packages drop stealer payloads, with “chalk-tempalte” cloning the Shai-Hulud worm to send stolen credentials to a remote server.

Interestingly, the stolen data is also exported to a public GitHub repository via API, described as “A Mini Sha1-Hulud has Appeared.” The other two packages siphon SSH keys, environment variables, cloud credentials, and cryptocurrency wallet data to specific command-and-control servers. OX Security warned that “threat actors are getting even more motivated to conduct supply chain and typo-squatting” as such attacks become easier. Users who downloaded these packages should immediately uninstall them, rotate secrets, and block network access to the suspicious domains mentioned in the reports.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

China’s Free AI Models Won’t Kill The AI Boom

Chinese LLMs like DeepSeek and Qwen are advancing rapidly, but the AI boom's core...

S. Korea regulator sends Upbit inspection letter over $36M hack

South Korea’s Financial Supervisory Service formally began sanctions against Dunamu, Upbit’s operator, after the...

Apple Stock Nears $323 Target Amid Rally Momentum

Apple stock trades above key moving averages, signaling strength toward the $323.35 target rangeTechnical...

France orders Polymarket block over illegal gambling

France’s National Gambling Authority (ANJ) ordered ISPs to block Polymarket, deeming prediction markets illegal...

ChartUp Solana Volume Bot: An All-in-One Toolkit Review

Solana teams often assemble testing workflows from unrelated scripts, wallets, dashboards, and venue-specific services....

Must Read

7 Best Cryptocurrency Lending Platforms in 2025 (Ranked & Reviewed)

QUICK LINKSOur MethodologyHow to Choose the Best Crypto Lending Platform: Key Factors to ConsiderIn-Depth Reviews of the 7 Best Crypto Lending Platforms1. Nexo -...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading