PhantomRaven Attack Uses 126 Malicious npm Packages with More Than 86,000 Downloads
Discovered by Koi Security in October 2025, the campaign employed an advanced evasion technique called Remote Dynamic Dependencies (RDD) that allowed malicious code to remain invisible to most security scanning tools.
The attack campaign began in August 2025 when the first malicious packages were published to the npm registry. While npm initially detected and removed 21 packages, the attacker successfully uploaded 80 additional packages between September and October 2025 that evaded detection.
The threat actor used a series of email accounts from free providers, including jpdtester01@hotmail.com through jpdtester13@gmail.com, operating under usernames such as npmhell and npmpackagejpd.
PhantomRaven’s primary innovation was exploiting npm’s support for HTTP URLs as dependency specifiers. Instead of listing standard dependencies that security tools could analyze, the malicious packages referenced external URLs pointing to packages.storeartifact.com.
When developers installed these packages, npm automatically fetched dependencies from the attacker-controlled server rather than the official npm registry.
This technique proved devastatingly effective because npmjs.com does not follow external URLs during package analysis, causing security scanners and dependency analysis tools to display “0 Dependencies” for affected packages.
The visible source code on npm appeared completely benign, containing only simple hello world scripts, while the actual malicious payload remained hidden on the attacker’s infrastructure.
The malicious code executed automatically through npm’s lifecycle scripts, specifically the preinstall hook that runs before package installation completes.
This automatic execution required no user interaction, allowing the malware to activate within seconds of running npm install, regardless of how deep in the dependency tree the malicious package appeared.
Once installed, PhantomRaven systematically harvested sensitive credentials from compromised development environments.
The malware targeted npm authentication tokens, GitHub Actions tokens, GitLab CI credentials, Jenkins credentials, and CircleCI tokens, which could grant attackers access to repositories, CI/CD pipelines, and package publishing capabilities.
The malware performed comprehensive system fingerprinting by collecting email addresses from environment variables, .gitconfig and .npmrc files, and the package.json author field.
It gathered system information, including public IP addresses, hostnames, operating system details, Node.js versions, and current directory paths to profile compromised environments.
PhantomRaven employed redundant exfiltration methods, including HTTP GET requests with URL-encoded data, HTTP POST requests with JSON payloads, and WebSocket connections to backup servers.
This multi-layered approach ensured successful data exfiltration even in restricted network environments with aggressive firewall configurations.
The campaign also exploited “slopsquatting” by creating packages with names similar to legitimate ones that AI assistants might hallucinate, such as “unused-imports” instead of “eslint-plugin-unused-imports,” capitalizing on developer trust in AI-generated recommendations.
The post PhantomRaven Attack Uses 126 Malicious npm Packages with More Than 86,000 Downloads appeared first on Cyber Security News.