NPM Supply Chain Attack — Adversary Report Summary

Published: Sep 9, 2025 • Author: Devaraj Govindhan

1. Executive Summary

On September 8, 2025, a large-scale supply chain attack targeted the npm ecosystem after attackers compromised the account of maintainer Josh “Qix” Junon via a phishing campaign. Using the fake domain npmjs[.]help, attackers obtained credentials and published malicious versions of 18 widely used npm packages (for example: chalk, debug, ansi-styles, strip-ansi), totaling approximately 2.6 billion weekly downloads.

The injected malware was crafted to intercept cryptocurrency and Web3 wallet activity in browsers and silently redirect transactions to attacker-controlled wallets. Although the malicious updates were removed within hours, the incident demonstrates how a single compromised maintainer account can create systemic risks across the software ecosystem.

2. Attack Timeline

Date	Event
Sep 5, 2025	Domain `npmjs[.]help` registered by threat actor.
Sep 8, 2025 09:00 ET	Phishing email sent to npm maintainers urging 2FA update before Sept 10.
Sep 8, 2025 09:15 ET	Maintainer account (Josh “Qix” Junon) compromised after clicking link on mobile device.
Sep 8, 2025 09:30–11:30 ET	Malicious versions of 18 packages published, affecting fresh installs with new lockfiles.
Sep 8, 2025 13:16 UTC	Aikido Security detects abnormal package updates and alerts the maintainer.
Sep 8, 2025 15:15 UTC	Cleanup begins: compromised packages unpublished or rolled back by npm team.
Sep 9, 2025	Public disclosure by multiple vendors and community researchers.

3. Technical Analysis

3.1 Attack Vector

Initial access was gained via a spearphishing email from support@npmjs[.]help which led to a fake login page. Credentials submitted to that page were sent to a malicious endpoint at:

https://websocket-api2[.]publicvm[.]com/images/jpg-to-png.php?name=[name]&pass=[password]

With the stolen credentials the adversary published trojanized package updates directly to npm.

3.2 Malware Behavior

Injection & Hooking: Malicious code injected into index.js hooked browser APIs (fetch, XMLHttpRequest) and wallet APIs (window.ethereum, Solana APIs).
Surveillance: Scanned responses and transaction payloads for cryptocurrency addresses across ETH, BTC, SOL, TRX, LTC, BCH.
Replacement: Rewrote legitimate recipient addresses with attacker-controlled addresses (often lookalikes).
Hijacking: Altered transaction parameters before signing so funds were rerouted even when the UI appeared normal.
Stealth: Heavy obfuscation (_0x-style variables), fake success responses, and minimized UI changes to avoid detection.

3.3 Scope & Dependency Risk

A total of 18 packages were modified. While these packages are deeply embedded across the JavaScript ecosystem, many projects use locked dependency files (package-lock.json) which limited exposure to fresh installs performed during the ~2.5-hour attack window.

4. Victim Impact

Theoretical Reach: ~2.6–2.7 billion downloads per week.

Practical Impact: The real-world impact was primarily limited to fresh installs or builds that regenerated lockfiles during the compromise window. Applications that interact with Web3 wallets were the primary risk vector; standard non-crypto apps were unaffected by the wallet-specific payload.

5. Adversary Tactics & Indicators

5.1 Attribution

Threat actor: Unknown — likely financially motivated to steal cryptocurrency. Observed and reported by Aikido Security, Privy, SOCRadar, and multiple community researchers.

5.2 MITRE ATT&CK Mapping

Tactic	Technique & ID
Initial Access	Phishing: Spearphishing Link — T1566.002
Credential Access	Capture Application Credentials — T1556
Execution	Command & Scripting Interpreter (JS injection) — T1059
Collection	Automated Collection / API hooks — T1119
Exfiltration / Impact	Data Manipulation (wallet address swapping) — T1565.001

5.3 IOCs

      Phishing Domain: npmjs[.]help

      Credential Exfil Endpoint: websocket-api2[.]publicvm[.]com/images/jpg-to-png.php?name=[name]&pass=[password]

      Phishing Email: support@npmjs.help

      Timeframe: Sep 8, 2025, 09:00–11:30 ET

5.4 Impacted Packages

The following packages had malicious versions published during the attack window. Download counts are approximate weekly figures.

Package Name	Weekly Downloads (approx.)
backslash	0.26 million
chalk-template	3.9 million
supports-hyperlinks	19.2 million
has-ansi	12.1 million
simple-swizzle	26.26 million
color-string	27.48 million
error-ex	47.17 million
color-name	191.71 million
is-arrayish	73.8 million
slice-ansi	59.8 million
color-convert	193.5 million
wrap-ansi	197.99 million
ansi-regex	243.64 million
supports-color	287.1 million
strip-ansi	261.17 million
chalk	299.99 million
debug	357.6 million
ansi-styles	371.41 million

6. Mitigation & Recommendations

6.1 Immediate Actions for Developers & Organizations

Rollback: Ensure usage of safe, pre-compromise versions of affected packages.
Audit Dependencies: Check package.json and package-lock.json for updates during the attack window.
Monitor Wallet Transactions: Investigate anomalies in crypto-related applications.
Enable 2FA & Hardware Keys: Protect maintainer accounts from phishing-based takeovers.

6.2 Strategic Recommendations

Dependency Hygiene: Pin exact versions in package-lock.json and enable automated integrity checks (e.g., npm audit).
Registry Security: Mandatory hardware-based 2FA for npm maintainers and automated anomaly detection for sudden high-impact package updates.
Ecosystem Defense: Promote adoption of Software Bills of Materials (SBOMs) and continuous monitoring for obfuscated code patterns in registries.

7. Appendix: IOCs, Logs, and Review Checklist

7.1 Indicators of Compromise

Phishing Domain: npmjs[.]help
Credential Exfil URL: websocket-api2[.]publicvm[.]com
Packages Compromised: 18 packages (chalk, debug, ansi-styles, strip-ansi, etc.)

7.2 Logs to Review

npm install/update logs during Sep 8, 2025, 09:00–11:30 ET.
GitHub Actions / CI logs for dependency pulls.
Application error logs showing obfuscated JS injection.

7.3 Search Strings in Code Review

_0x-style obfuscation
Hardcoded wallet addresses
Hooks to window.ethereum, fetch, XMLHttpRequest

8. Conclusion

The Largest npm Supply Chain Compromise (Sep 2025) highlights the fragility of the open-source ecosystem. A single successful phishing email enabled attackers to weaponize 18 foundational libraries with over 2.6 billion weekly downloads, threatening global application security. Although the impact was contained by rapid detection and the short infection window, the attack reveals systemic weaknesses: maintainer account protection, dependency trust, and registry monitoring. Going forward, organizations must adopt rigorous dependency hygiene, hardware-based MFA, SBOMs, and anomaly detection to defend against future supply chain attacks.