Four newly discovered malicious npm packages steal SSH keys, cloud credentials, and cryptocurrency wallets, and one variant can also turn infected machines into DDoS bots. The campaign, attributed to a single threat actor, uses typosquatting to target developers working with the Axios HTTP library; the four packages accumulated approximately 2,678 weekly downloads before detection. Every published version of **chalk-template**, **@deadcode09284814/axios-util**, **axios-utils**, and **color-style-utils** is considered malicious.
Shai-Hulud Source Code Weaponized in Copycat Attack
The most technically significant package, **chalk-template**, contains a near-identical clone of the Shai-Hulud infostealer, whose source code was leaked publicly on GitHub by the group TeamPCP just last week. The threat actor copied the code with minimal modification, embedded their own command-and-control (C2) server address and private key, and uploaded the working package directly to npm without obfuscation. Researchers note that this aligns with a supply chain attack competition posted on BreachForums shortly after TeamPCP’s leak, which points to a copycat rather than the original group. Infected machines exfiltrate stolen credentials to a newly created GitHub repository, mirroring Shai-Hulud’s core behavior.
Four Packages, Distinct Attack Profiles
Each package has a different objective, which points to a coordinated, multi-vector strategy. **chalk-template** operates as a full Shai-Hulud clone, exfiltrating credentials, crypto wallets, and secrets to a C2 server at `87e0bbc636999b[.]lhr[.]life`. **@deadcode09284814/axios-util** is a straightforward infostealer that collects SSH keys, environment variables, and cloud credentials for AWS, GCP, and Azure, and transmits them to `80[.]200[.]28[.]28:2222`. **axios-utils** delivers a Go-based “Phantom Bot” whose persistence logic survives deletion of the package, plus a DDoS component capable of flooding targets with HTTP, TCP, UDP, and reset (RST) traffic. **color-style-utils** is an unobfuscated infostealer that harvests IP addresses, geolocation data, and cryptocurrency wallets and exfiltrates them to `edcf8b03c84634[.]lhr[.]life`.
Immediate Remediation and Indicators of Compromise
Organizations that have installed any version of these packages must act immediately. Uninstall all four malicious packages, delete any related malicious configuration from IDEs and coding agents (including Claude Code), and rotate every credential and key present on affected machines. Search GitHub repositories for the string “A Mini Sha1-Hulud has Appeared” as a potential indicator of compromise, and block network access to the C2 domains and IPs listed here. The defanged indicators are: `87e0bbc636999b[.]lhr[.]life`, `80[.]200[.]28[.]28:2222`, `b94b6bcfa27554[.]lhr[.]life`, and `edcf8b03c84634[.]lhr[.]life`.
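One way to check a project for the packages and indicators listed above, as an added Node.js example that is not code from the original report or from OX Security: it audits a `package-lock.json` (both the flat `packages` map of lockfile v2/v3 and the nested `dependencies` tree of v1) for the four package names, and scans arbitrary text for the refanged C2 indicators. The lockfile and text below are constructed samples, not real project data.

```javascript
// Package names and defanged indicators exactly as listed in the advisory above.
const MALICIOUS_PACKAGES = new Set([
  'chalk-template', '@deadcode09284814/axios-util', 'axios-utils', 'color-style-utils',
]);
const DEFANGED_IOCS = [
  '87e0bbc636999b[.]lhr[.]life', '80[.]200[.]28[.]28:2222',
  'b94b6bcfa27554[.]lhr[.]life', 'edcf8b03c84634[.]lhr[.]life',
];
// Turn "[.]" back into "." so indicators can be matched against real config/log text.
const refang = (s) => s.replace(/\[\.\]/g, '.');

// Returns every install of a listed package, with its version and install path.
function findMaliciousPackages(lockfile) {
  const hits = [];
  // lockfileVersion 2/3: flat map keyed by install path, e.g. "node_modules/@scope/name".
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    const m = path.match(/node_modules\/((?:@[^/]+\/)?[^/]+)$/); // last segment, scope-aware
    if (m && MALICIOUS_PACKAGES.has(m[1])) hits.push({ name: m[1], version: meta.version, path });
  }
  // lockfileVersion 1: nested "dependencies" tree; walk it to catch transitive installs.
  const walk = (deps, parent) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${parent}node_modules/${name}`;
      if (MALICIOUS_PACKAGES.has(name)) hits.push({ name, version: meta.version, path });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lockfile.packages) walk(lockfile.dependencies, '');
  return hits;
}

// Returns the refanged indicators that occur in the given text (e.g. a config file or proxy log).
function findIocs(text) {
  return DEFANGED_IOCS.map(refang).filter((ioc) => text.includes(ioc));
}

// Constructed sample lockfile (v3 layout) with one scoped and one unscoped listed package.
const SAMPLE_LOCK = { name: 'demo', lockfileVersion: 3, packages: {
  '': { name: 'demo' },
  'node_modules/axios': { version: '1.6.0' },
  'node_modules/axios-utils': { version: '0.0.3' },
  'node_modules/@deadcode09284814/axios-util': { version: '1.0.1' },
} };
// Constructed sample text containing one refanged indicator.
const SAMPLE_TEXT = 'fetch("https://87e0bbc636999b.lhr.life/upload")';

console.log('packages:', findMaliciousPackages(SAMPLE_LOCK));
console.log('indicators:', findIocs(SAMPLE_TEXT));
```

Run it against a real project by replacing `SAMPLE_LOCK` with the parsed contents of its `package-lock.json`; a non-empty result from either function is a reason to start the remediation steps above.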
This campaign signals a dangerous new trend: the democratization of sophisticated malware. With the Shai-Hulud source now publicly available, the barrier to launching a capable supply chain attack has dropped dramatically. OX Security warns that this is likely only the first wave, as vibe-coded malware proliferates across npm, with each variant harvesting different data types for different criminal purposes, from credential theft and crypto-draining to full botnet recruitment, all from a single npm account. For enterprise security teams, this underscores the need for automated package vetting, runtime monitoring, and rapid incident response in modern software supply chains.
— Originally reported by Cyber Security News. Adapted and republished with editorial context for MacThreat.