Malicious NPM packages steal data from developers.
Researchers uncovered two malware campaigns that used 136 NPM packages, downloaded nearly 100,000 times in total, to steal sensitive data from development environments. The packages used preinstall and postinstall hooks to silently deploy Python-based information stealers at install time. One campaign, PhantomRaven, combined typosquatting with remote dependencies (dependency entries that point at an attacker-controlled URL rather than the registry, so the malicious code is fetched during installation and never appears in the published package contents) to evade detection and harvest credentials, tokens, and browser data. Experts warn that vetting a dependency's published contents alone is no longer enough to prevent these attacks.
Read more:
https://www.securityweek.com/136-npm-packages-delivering-infostealers-downloaded-100000-times/