Four malicious packages have been discovered on the official npm registry. They steal SSH keys, cloud credentials, cryptocurrency wallets, and environment variables, and one variant also turns infected machines into DDoS bots. The campaign relies on typosquatting to target users of the Axios HTTP library and appears to be built on malware source code that was leaked only days earlier.
The Four Malicious Packages
The packages, chalk-tempalte, @deadcode09284814/axios-util, axios-utils, and color-style-utils, were detected within the last 24 hours, and every published version of each is considered malicious. Together they had accumulated roughly 2,678 weekly downloads before being flagged by security researchers. Registry download counts include mirrors and automated scanners, so the number of real installs is lower, but a substantial number of developer environments may already be compromised.
Each package targets a distinct attack objective:
- chalk-tempalte: a near-identical clone of the Shai-Hulud infostealer that exfiltrates credentials, crypto wallets, secrets, and account data to a C2 server at 87e0bbc636999b[.]lhr[.]life
- @deadcode09284814/axios-util: a straightforward infostealer that collects SSH keys, environment variables, and AWS, GCP, and Azure cloud credentials and sends them to 80[.]200[.]28[.]28:2222
- axios-utils: delivers a Go-based "Phantom Bot" whose persistence logic survives deletion of the package, plus a DDoS component that can flood targets with HTTP, TCP, UDP, and TCP RST traffic
- color-style-utils: an unobfuscated infostealer that harvests IP address, geolocation, and cryptocurrency wallet data and exfiltrates it to edcf8b03c84634[.]lhr[.]life
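Because every published version of these four names is malicious, the check a practitioner wants is simply "does this name appear anywhere in my dependency tree", not a version comparison. The following Node.js script is an added example, not code from the advisory or from the researchers who reported the packages. It walks both the flat packages map of lockfile v2/v3 and the nested dependencies tree of lockfile v1, and it honours the name field so that an aliased install (where the install path differs from the real package name) is still caught. The sample lockfile embedded in it is constructed for illustration; its version numbers are placeholders.

```javascript
// Added example, not code from the advisory: find the four malicious package
// names in an npm lockfile, at any version and at any depth of the tree.
const MALICIOUS_PACKAGES = new Set([
  "chalk-tempalte",
  "@deadcode09284814/axios-util",
  "axios-utils",
  "color-style-utils",
]);

// Lockfile v2/v3 keys are install paths such as
// "node_modules/foo/node_modules/@scope/bar"; the package name is whatever
// follows the last "node_modules/". The project root has the key "".
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Lockfile v1 nests transitive dependencies under each entry's "dependencies".
function walkV1(deps, chain, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = [...chain, name];
    if (MALICIOUS_PACKAGES.has(name)) {
      hits.push({ name, version: info.version, via: path.join(" > ") });
    }
    walkV1(info.dependencies, path, hits);
  }
}

function findMaliciousPackages(lockfile) {
  const hits = [];
  if (lockfile.packages) {
    // v2/v3: flat map. An aliased install ("npm i harmless@npm:axios-utils")
    // keeps the real name in info.name, so prefer that over the path.
    for (const [lockPath, info] of Object.entries(lockfile.packages)) {
      const name = info.name || nameFromLockPath(lockPath);
      if (name && MALICIOUS_PACKAGES.has(name)) {
        hits.push({ name, version: info.version, via: lockPath });
      }
    }
  } else if (lockfile.dependencies) {
    walkV1(lockfile.dependencies, [], hits); // v1
  }
  return hits;
}

// Constructed sample lockfile (versions are placeholders; every published
// version of these packages is considered malicious).
const SAMPLE_LOCKFILE = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", dependencies: { axios: "^1.7.0", "axios-utils": "^1.0.0" } },
    "node_modules/axios": { version: "1.7.9" },
    "node_modules/axios-utils": { version: "1.0.3" },
    "node_modules/some-tool": { version: "2.1.0", dependencies: { "color-style-utils": "*" } },
    "node_modules/some-tool/node_modules/color-style-utils": { version: "0.4.1" },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  // Usage: node scan-lockfile.js [path/to/package-lock.json]
  const arg = process.argv[2];
  const lockfile = arg && arg.endsWith(".json")
    ? JSON.parse(require("fs").readFileSync(arg, "utf8"))
    : SAMPLE_LOCKFILE;
  const hits = findMaliciousPackages(lockfile);
  for (const h of hits) console.log(`MALICIOUS ${h.name}@${h.version} via ${h.via}`);
  if (hits.length === 0) console.log("no known-malicious packages found");
}
```

Run it against each project's package-lock.json on developer machines and in CI checkouts; a hit on a nested path means the package arrived transitively, so the direct dependency that pulled it in needs attention too.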
Shai-Hulud Source Code Weaponized
The most alarming finding is that the campaign is built on the Shai-Hulud infostealer. Shai-Hulud's source code was posted publicly on GitHub by the threat group TeamPCP just last week. The actor behind these npm packages copied that code with minimal changes, substituting their own C2 server address and private key, and published a fully functional infostealer directly to npm.
The copied code is unobfuscated, in stark contrast to TeamPCP's original Shai-Hulud deployments, which points to a copycat rather than TeamPCP itself. Researchers also noted that the activity lines up with a supply chain attack competition posted on BreachForums shortly after the code leak, suggesting that the public release of the source is directly inspiring opportunistic actors. As in the original Shai-Hulud, infected machines upload stolen credentials to a newly created GitHub repository.
Who Is at Risk?
The campaign uses typosquatting, registering package names that look like popular legitimate ones, to target developers who use the Axios HTTP library, one of the most downloaded packages on npm. A developer who mistypes a package name, or a CI/CD job whose dependency resolution lands on one of these names, installs the stealer and loses the credentials on that machine immediately.
The threat extends beyond individual developers. In enterprise environments, compromised developer workstations or CI/CD pipelines can expose AWS, GCP, and Azure cloud credentials, SSH keys for production servers, internal API keys and secrets, and access tokens for code repositories and deployment systems. A single infected build agent in a CI/CD pipeline could expose an organization’s entire cloud infrastructure.
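A pre-install gate can catch the visual-similarity half of this campaign before a lockfile ever contains the bad name. The Node.js script below is an added example, not the advisory's or any vendor's tool. It computes the optimal string alignment distance (Levenshtein plus adjacent transposition, so a swapped letter pair costs 1) between each dependency name and a short list of popular packages; that list is an illustrative assumption and a real deployment would use the organisation's own allowlist. Note what it does and does not catch: chalk-tempalte is one transposition from chalk-template and is flagged, while axios-utils and @deadcode09284814/axios-util are namespace look-alikes rather than typos and sail through, which is why a known-bad list and human vetting are still needed.

```javascript
// Added example, not part of the advisory: flag dependency names that are a
// small edit away from a popular package but are not that package.
// POPULAR is an illustrative allowlist (assumption), not a complete one.
const POPULAR = ["axios", "chalk", "chalk-template", "lodash", "express"];

// Optimal string alignment distance: Levenshtein plus one-step adjacent
// transposition, so "tempalte" vs "template" costs 1 rather than 2.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(
        d[i - 1][j] + 1,        // deletion
        d[i][j - 1] + 1,        // insertion
        d[i - 1][j - 1] + cost  // substitution
      );
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1); // transposition
      }
    }
  }
  return d[a.length][b.length];
}

// "@scope/name" -> "name". A scoped package whose unscoped name equals a
// popular unscoped package is itself a look-alike, so report that separately.
function unscoped(name) {
  return name.startsWith("@") ? name.slice(name.indexOf("/") + 1) : name;
}

function checkDependencyNames(depNames, popular = POPULAR, maxDistance = 2) {
  const findings = [];
  for (const name of depNames) {
    if (popular.includes(name)) continue; // the genuine package
    const base = unscoped(name);
    for (const p of popular) {
      const dist = osaDistance(base, p);
      if (dist === 0 && name !== p) {
        findings.push({ name, lookalike: p, reason: "scoped-clone" });
      } else if (dist > 0 && dist <= maxDistance) {
        findings.push({ name, lookalike: p, reason: `edit-distance-${dist}` });
      }
    }
  }
  return findings;
}

// Constructed input: the four names from this campaign plus the real axios.
const SAMPLE_DEPS = [
  "axios",
  "chalk-tempalte",
  "axios-utils",
  "@deadcode09284814/axios-util",
  "color-style-utils",
];

if (typeof require !== "undefined" && require.main === module) {
  for (const f of checkDependencyNames(SAMPLE_DEPS)) {
    console.log(`SUSPECT ${f.name}: resembles ${f.lookalike} (${f.reason})`);
  }
}
```

Feed it the keys of dependencies and devDependencies from package.json in a pre-commit or CI step; on the sample input it reports chalk-tempalte only, which is exactly the gap the known-bad scan has to close.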
Indicators of Compromise
Organizations should monitor for the following indicators of compromise (IOCs):
- C2 domain: 87e0bbc636999b[.]lhr[.]life
- C2 IP/port: 80[.]200[.]28[.]28:2222
- C2 domain: b94b6bcfa27554[.]lhr[.]life
- C2 domain: edcf8b03c84634[.]lhr[.]life
- GitHub: search repositories for the string "A Mini Sha1-Hulud has Appeared" as a potential post-infection indicator
The lhr[.]life hostnames are localhost.run tunnel endpoints, which cost the actor nothing to replace. Block the listed names, but also treat any connection from a build agent or developer workstation to a *.lhr[.]life host as worth investigating.
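To turn the list above into something that runs over telemetry, the following Node.js script is an added example (not from the advisory). It refangs the published indicators, matches the IP as a whole address so that 80.200.28.28 does not fire on 180.200.28.28, distinguishes a hit on the exact C2 socket from a hit on the same host at another port, and checks GitHub repository metadata for the marker string. The log line format and the repository objects are constructed for illustration and assume nothing about any particular product's export format.

```javascript
// Added example, not part of the advisory: refang the published IOCs and scan
// log lines and GitHub repository metadata for them. Log format is assumed.
const refang = (s) => s.replace(/\[\.\]/g, ".");

const C2_DOMAINS = [
  "87e0bbc636999b[.]lhr[.]life",
  "b94b6bcfa27554[.]lhr[.]life",
  "edcf8b03c84634[.]lhr[.]life",
].map(refang);
const C2_IP = "80.200.28.28";
const C2_PORT = 2222;
const GITHUB_MARKER = "A Mini Sha1-Hulud has Appeared";

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
// Whole-address match: must not fire on 180.200.28.28 or 80.200.28.281.
const C2_IP_RE = new RegExp(`(?<![\\d.])${escapeRe(C2_IP)}(?!\\d)`);
const C2_SOCKET_RE = new RegExp(`(?<![\\d.])${escapeRe(C2_IP)}:${C2_PORT}(?!\\d)`);

function matchIocs(line) {
  const findings = [];
  const lower = line.toLowerCase();
  for (const d of C2_DOMAINS) {
    if (lower.includes(d)) findings.push({ type: "c2-domain", value: d });
  }
  if (C2_SOCKET_RE.test(line)) {
    findings.push({ type: "c2-socket", value: `${C2_IP}:${C2_PORT}` });
  } else if (C2_IP_RE.test(line)) {
    // Same host, different port: lower confidence, still worth a look.
    findings.push({ type: "c2-ip", value: C2_IP });
  }
  return findings;
}

function scanLog(lines) {
  return lines.flatMap((line, i) =>
    matchIocs(line).map((f) => ({ line: i + 1, ...f })));
}

// Repositories whose name or description carries the post-infection marker.
function flagRepos(repos) {
  return repos.filter((r) =>
    [r.name, r.description].some((s) => typeof s === "string" && s.includes(GITHUB_MARKER)));
}

// Constructed sample input (not real telemetry).
const SAMPLE_LOG = [
  "10:12:01 dns client=10.0.4.17 qname=87e0bbc636999b.lhr.life qtype=A",
  "10:12:02 conn src=10.0.4.17:53122 dst=80.200.28.28:2222 proto=tcp bytes=14552",
  "10:12:05 dns client=10.0.4.21 qname=registry.npmjs.org qtype=A",
  "10:14:00 conn src=10.0.4.22:41000 dst=180.200.28.28:443 proto=tcp",
  "10:15:30 conn src=10.0.4.17:53140 dst=80.200.28.28:443 proto=tcp",
];
const SAMPLE_REPOS = [
  { name: "dotfiles", description: "my shell config" },
  { name: "x7q2ls", description: "A Mini Sha1-Hulud has Appeared" },
];

if (typeof require !== "undefined" && require.main === module) {
  for (const f of scanLog(SAMPLE_LOG)) console.log(`line ${f.line}: ${f.type} ${f.value}`);
  for (const r of flagRepos(SAMPLE_REPOS)) console.log(`repo ${r.name}: marker present`);
}
```

On the sample input this reports the DNS lookup on line 1, the exact C2 socket on line 2, and a lower-confidence same-host hit on line 5, and stays silent on the 180.x decoy on line 4. Point scanLog at DNS, proxy, or flow logs from build agents and flagRepos at the output of a GitHub org repository listing.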
Immediate Response Steps
Anyone who installed any version of the affected packages should act immediately:
- Remove all four malicious packages from affected systems without delay; because the axios-utils payload persists after the package is deleted, treat any host that ran it as compromised and rebuild it rather than relying on uninstallation alone
- Delete any related malicious configurations from IDEs, coding agents, and development environments
- Rotate all credentials and keys on potentially affected machines — including cloud access keys, SSH keys, API tokens, and repository credentials
- Block network access to all C2 domains and IP addresses listed in the IOC section above
- Audit CI/CD pipeline logs for signs of unauthorized package installation or anomalous outbound network connections
- Review recent GitHub repository activity for signs of credential-based unauthorized access
The Growing npm Supply Chain Threat
This incident is the latest in a string of high-profile supply chain attacks targeting the npm ecosystem. As open-source malware source code becomes increasingly accessible — through deliberate leaks, GitHub repositories, and dark web forums — the barrier to entry for supply chain attacks continues to fall. Security teams responsible for development environments must implement strict package vetting procedures, use software composition analysis (SCA) tools, and monitor outbound network traffic from build systems to detect and contain these threats before they reach production infrastructure.