NPM Supply Chain Attack Spreads Like Worm in Developer Ecosystem

A fresh wave of malicious npm supply chain attack activity is targeting developers, using a worm-like propagation method to steal credentials and compromise multiple projects. According to new findings from cybersecurity firm Socket, the attack mirrors earlier worm-style campaigns that leveraged blockchain-hosted infrastructure for command and control (C2). This time, the malware is spreading through popular npm packages, putting thousands of developers at risk.

How the NPM Supply Chain Attack Works

The malicious packages, identified as multiple versions of @automagik/genie and pgserve, are designed to execute harmful code during installation. Once installed, the malware scans the infected system for sensitive data stored in environment variables and configuration files. Targeted information includes cloud credentials, CI/CD tokens, SSH keys, and local developer artifacts such as .npmrc files and shell histories.

As a result, the attack goes beyond simple credential theft. It also attempts to access browser-stored data and cryptocurrency wallets, including Chrome profiles and extensions like MetaMask and Phantom. This dual focus on both developer tools and financial assets makes it particularly dangerous.

Worm-Like Propagation and Ecosystem Spread

A key feature of this npm supply chain attack is its ability to self-propagate. The malware extracts npm tokens from the infected system, identifies accessible packages, injects malicious code into them, and republishes them under the compromised developer’s identity. This allows the attack to spread rapidly across the npm ecosystem, infecting other projects that depend on those packages.

Building on this, the malware also includes functionality to propagate via Python’s PyPI repository. It generates malicious packages using .pth file injection when credentials are present, extending its reach beyond the JavaScript ecosystem.

Exfiltration Through Multiple Channels

Data exfiltration occurs through two distinct channels: a standard HTTPS webhook and an endpoint hosted on the Internet Computer Protocol (ICP). The malware can encrypt stolen data using AES-256 and RSA methods, though it also supports plaintext fallback. This dual-channel approach makes detection more challenging for security teams.

Similarities to Previous Campaigns

Researchers have observed strong similarities between this campaign and earlier attacks linked to the TeamPCP group. These include the use of post-install scripts and canister-based infrastructure on the ICP network. However, the exact source of the compromise remains under investigation, leaving the possibility that legitimate projects were hijacked.

For instance, some affected packages show active usage, with one package recording over 6,700 weekly downloads. Inconsistencies between npm releases and Git tags further raise suspicion, suggesting that attackers may have gained access to maintainer accounts or repository credentials.

Protecting Your Development Environment

To defend against this npm supply chain attack, developers should take immediate action. First, audit your project dependencies for any use of @automagik/genie or pgserve. Second, rotate all npm tokens and review repository access permissions. Third, enable two-factor authentication on all package management accounts.

Additionally, consider using package scanning tools that detect malicious code during installation. Socket offers real-time protection against supply chain attacks, and similar tools can help identify suspicious behavior early.

What to Do If Compromised

If you suspect your system is infected, immediately revoke all exposed credentials and tokens. Change passwords for linked accounts, and scan your development machines for malware. Finally, report any suspicious packages to the npm security team to help contain the spread.

As the situation evolves, researchers at Socket warn that additional malicious versions are continuing to emerge. The full scope of the attack is not yet confirmed, but the worm-like propagation mechanism makes this one of the most concerning supply chain threats in recent months.

For more insights on similar threats, read our guide on Malicious Machine Learning Model Attack Discovered on PyPI.