Threat Advisories

Self Propagating npm Supply Chain Attack Targeting Developer Tokens

Written by Integrity360 | Apr 23, 2026 7:12:59 AM

A new and active npm supply‑chain attack has been observed abusing compromised maintainer credentials to self‑propagate malicious code across packages in the Node.js ecosystem. The malware steals authentication material (npm tokens, cloud credentials, CI/CD secrets, SSH keys, and wallet data) and uses any discovered publishing tokens to inject itself into additional packages owned by the same maintainer, creating worm‑like lateral spread.

The campaign was identified by Socket and StepSecurity and affects multiple packages published by Namastex Labs, with at least 16 confirmed compromised packages at the time of reporting. Due to its credential‑driven propagation model, the blast radius may expand quickly in environments where developers or CI systems retain publish permissions.

Initial Compromise And Payload Execution

Malicious code was injected into legitimate npm packages and executes automatically at install time through a package lifecycle script (the postinstall pattern referred to in the mitigations below), so adding an affected version as a dependency is enough to run the payload; nothing in the application has to import it. Once running, the payload performs extensive secret discovery on the host system, scanning for:

    • npm publishing tokens
    • API keys (cloud providers, registries, LLM platforms)
    • SSH keys and CI/CD credentials
    • Kubernetes and Docker configuration files
    • Browser‑stored secrets from Chrome and Firefox, including cryptocurrency wallets (MetaMask, Exodus, Atomic Wallet, Phantom)

Propagation Mechanism

If the malware locates valid npm publishing credentials (for example in environment variables or in ~/.npmrc), it:

    • Enumerates all npm packages the compromised token is authorised to publish
    • Injects the same malicious payload into those packages
    • Republishes them with incremented version numbers
    • Starts the next round of infection when downstream developers or CI systems install the new versions; any of those hosts that also holds a publish token repeats the cycle

Researchers explicitly describe the malware as a “supply‑chain worm” capable of autonomously spreading without further attacker intervention once credentials are obtained.
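The worm can only spread from a host where a publish-capable token is readable from the locations listed above, so the first hunting step is to check those same locations yourself. The following Python audit is an added example, not the malware's code and not Integrity360 tooling; the environment variable names it checks (NPM_TOKEN, NODE_AUTH_TOKEN, NPM_AUTH_TOKEN) are assumed common CI conventions, and the .npmrc content at the bottom is constructed with a fake token.

```python
"""Audit the locations a token-stealing worm reads for npm credentials.

Added illustration, not the malware's code and not Integrity360 tooling.
It reports *where* npm auth material is exposed (env vars, .npmrc files)
and redacts the values, so the output itself is safe to share.
"""
import os
import re
from pathlib import Path

# Common env var names that carry npm tokens in CI; assumed, not from the advisory.
TOKEN_ENV_VARS = {"NPM_TOKEN", "NODE_AUTH_TOKEN", "NPM_AUTH_TOKEN"}

# Matches the auth lines npm itself reads, e.g.
#   //registry.npmjs.org/:_authToken=npm_xxxx
#   _auth=base64(user:password)
NPMRC_AUTH_RE = re.compile(
    r"^\s*(?://(?P<registry>[^:]+):)?(?P<key>_authToken|_auth)\s*=\s*(?P<value>\S+)"
)

def redact(secret: str) -> str:
    """Keep just enough to recognise the token type, never the secret itself."""
    s = secret.strip()
    return "***" if len(s) <= 8 else f"{s[:4]}...{s[-4:]}"

def parse_npmrc(text: str) -> list[dict]:
    """Return one finding per credential line in an .npmrc body."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = NPMRC_AUTH_RE.match(line)
        if not m:
            continue
        value = m.group("value")
        findings.append({
            "line": lineno,
            "registry": m.group("registry") or "(default)",
            "key": m.group("key"),
            "value": redact(value),
            # ${VAR} references resolve from the environment when npm runs;
            # a literal token sitting in the file is the worse finding.
            "literal": not value.startswith("${"),
        })
    return findings

def scan_env(env) -> list[str]:
    """Names (never values) of environment variables that look like npm auth."""
    return sorted(
        k for k in env
        if k in TOKEN_ENV_VARS or (k.lower().startswith("npm_config_") and "auth" in k.lower())
    )

def scan_host(env=None, roots=None) -> dict:
    """Check the user-level .npmrc plus every project .npmrc under `roots`."""
    env = os.environ if env is None else env
    roots = [Path.cwd()] if roots is None else [Path(r) for r in roots]
    candidates = [Path.home() / ".npmrc"]
    for root in roots:
        candidates.extend(root.rglob(".npmrc"))
    report = {"env_vars": scan_env(env), "npmrc": {}}
    for path in candidates:
        try:
            found = parse_npmrc(path.read_text())
        except OSError:
            continue
        if found:
            report["npmrc"][str(path)] = found
    return report

# Constructed .npmrc content for the demo; the token is fake.
SAMPLE_NPMRC = """registry=https://registry.npmjs.org/
//registry.npmjs.org/:_authToken=npm_AbCdEfGhIjKlMnOpQrStUvWxYz0123456789
//npm.pkg.github.com/:_authToken=${GITHUB_TOKEN}
"""

if __name__ == "__main__":
    import json
    print(json.dumps(parse_npmrc(SAMPLE_NPMRC), indent=2))
    print(json.dumps(scan_host(), indent=2))
```

Run it on developer workstations and on CI runner images; a literal token in a user-level .npmrc, or a publish-scoped token present in the environment of a job that only needs to install, is exactly the material this campaign turns into the next hop.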

Cross-Ecosystem Risk

If PyPI credentials are discovered on the same system, the malware also attempts to compromise Python packages, using a .pth-based persistence mechanism: .pth files in site-packages are processed on every interpreter start-up, and any line in them beginning with "import" is executed, so the payload runs whenever Python starts. This expands the attack beyond JavaScript, making it a multi-ecosystem supply-chain threat.
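Because .pth persistence is easy to overlook, the following added Python check (not from the advisory or the researchers) lists every .pth line that the interpreter would execute, under each site-packages directory, and flags lines that do more than a bare module import. The suspicion heuristics are assumptions to tune, and the sample .pth content is constructed.

```python
"""Find .pth files that execute code at Python start-up.

Added example, not from the advisory. site.py executes only the lines of a
.pth file that begin with "import"; every other non-comment line is just a
directory appended to sys.path. This lists the executable lines and flags
ones that run more than a plain import.
"""
import re
import site
from pathlib import Path

# Assumed heuristics for an import line doing more than importing:
# statement separators, eval-style calls, decoding, process spawning.
SUSPICIOUS = re.compile(r";|exec\(|eval\(|__import__|base64|compile\(|subprocess")

def executable_pth_lines(text: str) -> list[dict]:
    """Executable lines of one .pth body, with a suspicion flag per line."""
    out = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Same test site.addpackage() uses to decide whether to exec a line.
        if not line.startswith(("import ", "import\t")):
            continue
        out.append({"line": lineno, "code": line,
                    "suspicious": bool(SUSPICIOUS.search(line))})
    return out

def scan_site_packages(dirs=None) -> dict:
    """Map of .pth path -> executable lines, across the given directories."""
    if dirs is None:
        dirs = list(site.getsitepackages()) + [site.getusersitepackages()]
    report = {}
    for d in dirs:
        base = Path(d)
        if not base.is_dir():
            continue
        for pth in base.glob("*.pth"):
            try:
                lines = executable_pth_lines(pth.read_text(errors="replace"))
            except OSError:
                continue
            if lines:
                report[str(pth)] = lines
    return report

# Constructed .pth content: a path line, a benign import (virtualenv writes
# one like it), and an import line carrying extra statements.
SAMPLE_PTH = """# constructed example .pth content
/opt/venv/src/editable-pkg
import _virtualenv
import sys, os; os.environ.setdefault("HOOKED", "1")
"""

if __name__ == "__main__":
    for path, lines in scan_site_packages().items():
        for entry in lines:
            tag = "SUSPICIOUS" if entry["suspicious"] else "import"
            print(f"{tag:10} {path}:{entry['line']}: {entry['code']}")
```

Legitimate tooling (virtualenv, editable installs, coverage hooks) does write import lines, so the useful signal is a line you cannot attribute to an installed package, or one that chains statements after the import.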

Confirmed Affected Packages

At the time of publication, the following packages and versions were confirmed malicious and should be considered fully compromised:

    • @automagik/genie (4.260421.33–4.260421.39)
    • pgserve (1.1.11–1.1.13)
    • @fairwords/websocket (1.0.38–1.0.39)
    • @fairwords/loopback-connector-es (1.4.3–1.4.4)
    • @openwebconcept/theme-owc (1.0.3)
    • @openwebconcept/design-tokens (1.0.3)

These packages are commonly used in AI agent tooling and backend data services, increasing the value of compromised environments.
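The quickest way to answer "are we exposed" is to check lockfiles rather than package.json, since the malicious versions can arrive as transitive dependencies. The following Python scanner is an added example (not from the advisory or the researchers): AFFECTED is transcribed from the list above with inclusive ranges, and SAMPLE_LOCK is a constructed package-lock.json fragment.

```python
"""Scan an npm lockfile for the package versions listed above as malicious.

Added example; not from the advisory or the researchers who found the
campaign. AFFECTED is transcribed from the advisory's list (ranges are
inclusive); SAMPLE_LOCK is a constructed package-lock.json fragment.
"""
import json
import re
import sys

AFFECTED = [
    ("@automagik/genie", "4.260421.33", "4.260421.39"),
    ("pgserve", "1.1.11", "1.1.13"),
    ("@fairwords/websocket", "1.0.38", "1.0.39"),
    ("@fairwords/loopback-connector-es", "1.4.3", "1.4.4"),
    ("@openwebconcept/theme-owc", "1.0.3", "1.0.3"),
    ("@openwebconcept/design-tokens", "1.0.3", "1.0.3"),
]

def vtuple(version: str) -> tuple:
    """Numeric tuple for ordering; pre-release/build suffixes are dropped."""
    core = re.split(r"[-+]", version, maxsplit=1)[0]
    return tuple(int(p) for p in core.split("."))

def is_affected(name: str, version: str) -> bool:
    try:
        v = vtuple(version)
    except ValueError:
        return False  # git/URL/file: specifiers are not registry releases
    return any(pkg == name and vtuple(lo) <= v <= vtuple(hi) for pkg, lo, hi in AFFECTED)

def name_from_path(path: str) -> str:
    """lockfile v2/v3 keys are paths: 'node_modules/x/node_modules/@s/y' -> '@s/y'."""
    return path.rsplit("node_modules/", 1)[-1]

def scan_lockfile(lock: dict) -> list[dict]:
    """Every installed (name, version) in the lockfile that matches AFFECTED."""
    hits = []
    packages = lock.get("packages")
    if packages is not None:  # lockfileVersion 2 or 3
        for path, info in packages.items():
            if not path:
                continue  # "" is the root project itself
            name = info.get("name") or name_from_path(path)  # aliases carry "name"
            version = info.get("version")
            if version and is_affected(name, version):
                hits.append({"name": name, "version": version, "path": path})
    else:  # lockfileVersion 1: nested "dependencies" tree
        def walk(deps, prefix):
            for name, info in deps.items():
                path = f"{prefix}node_modules/{name}"
                version = info.get("version", "")
                if is_affected(name, version):
                    hits.append({"name": name, "version": version, "path": path})
                walk(info.get("dependencies", {}), path + "/")
        walk(lock.get("dependencies", {}), "")
    return hits

# Constructed lockfile: two direct hits, one nested hit, two clean packages.
SAMPLE_LOCK = json.loads("""{
  "name": "demo-app", "lockfileVersion": 3, "packages": {
    "": {"name": "demo-app", "version": "0.1.0"},
    "node_modules/@automagik/genie": {"version": "4.260421.35"},
    "node_modules/pgserve": {"version": "1.1.10"},
    "node_modules/@fairwords/websocket": {"version": "1.0.39"},
    "node_modules/some-lib/node_modules/@openwebconcept/design-tokens": {"version": "1.0.3"},
    "node_modules/left-pad": {"version": "1.3.0"}
  }
}""")

if __name__ == "__main__":
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    for h in scan_lockfile(lock):
        print(f"COMPROMISED {h['name']}@{h['version']} at {h['path']}")
```

Point it at every package-lock.json in your repositories and CI caches; yarn.lock and pnpm-lock.yaml use different formats and need their own parser, and because the campaign keeps publishing new versions, treat AFFECTED as a starting point to be refreshed from the researchers' updates rather than a closed list.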

Impact

    • Credential theft leading to cloud, CI/CD, and repository compromise
    • Unauthorised publishing of additional malicious packages
    • Downstream compromise of dependent applications
    • Loss of intellectual property and secrets
    • Cryptocurrency wallet theft in developer environments

Indicators of Compromise

Organisations should investigate for:

    • Unexpected npm package version updates with no corresponding upstream change rationale
    • Unauthorised publishes from maintainer accounts
    • npm tokens accessed outside expected CI/CD workflows
    • Presence of unknown scripts or obfuscated JavaScript in dependencies
    • Suspicious outbound connections from build pipelines after npm installs

The rapid re‑publishing cadence (multiple malicious versions released within hours) is a notable behavioural indicator in this campaign.
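Both behavioural indicators, the publishing burst and the sudden appearance of an install-time script, are visible in the public registry metadata for a package without installing anything. The following Python check is an added example (not the researchers' tooling). It takes the registry document for one package, the shape returned by `npm view <pkg> --json` or by fetching https://registry.npmjs.org/<pkg>; SAMPLE_META is constructed, example-pkg is not a real package, and the 24-hour window and three-version threshold are assumed defaults.

```python
"""Check npm registry metadata for two behavioural indicators: a burst of
versions published within hours, and a version that introduces or changes
an install-time lifecycle script.

Added example, not the researchers' tooling. Input is the registry document
for one package (what `npm view <pkg> --json` returns). SAMPLE_META is
constructed; example-pkg is not a real package.
"""
from datetime import datetime, timedelta

# Scripts npm runs during installation of a dependency or of the package itself.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

def parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def publish_timeline(meta: dict) -> list:
    """(version, publish time) in chronological order. Unpublished versions
    remain in `time` after they leave `versions`, so they are kept here."""
    tl = [(v, parse_ts(t)) for v, t in meta.get("time", {}).items()
          if v not in ("created", "modified")]
    return sorted(tl, key=lambda vt: vt[1])

def burst_publishes(meta: dict, window=timedelta(hours=24), min_count=3) -> list:
    """Versions that fall inside any `window` containing >= min_count releases."""
    tl = publish_timeline(meta)
    flagged = set()
    for i, (_, start) in enumerate(tl):
        group = [v for v, t in tl[i:] if t - start <= window]
        if len(group) >= min_count:
            flagged.update(group)
    order = {v: i for i, (v, _) in enumerate(tl)}
    return sorted(flagged, key=order.get)

def install_script_changes(meta: dict) -> list:
    """Versions whose install hooks differ from the previous published version."""
    versions = meta.get("versions", {})
    changes, prev = [], {}
    for v, _ in publish_timeline(meta):
        if v not in versions:
            continue
        scripts = versions[v].get("scripts") or {}
        hooks = {k: scripts[k] for k in INSTALL_HOOKS if k in scripts}
        if hooks != prev:
            changes.append({"version": v, "hooks": hooks, "previous": prev})
        prev = hooks
    return changes

# Constructed metadata: a quiet package that suddenly ships three versions in
# eight hours, the first of which adds a postinstall script.
SAMPLE_META = {
    "name": "example-pkg",
    "time": {
        "created": "2025-11-02T10:00:00.000Z",
        "1.4.0": "2025-11-02T10:00:00.000Z",
        "1.4.1": "2026-01-15T09:30:00.000Z",
        "1.4.2": "2026-04-20T18:02:11.000Z",
        "1.4.3": "2026-04-20T19:40:05.000Z",
        "1.4.4": "2026-04-21T02:15:48.000Z",
        "modified": "2026-04-21T02:15:48.000Z",
    },
    "versions": {
        "1.4.0": {"scripts": {"test": "jest"}},
        "1.4.1": {"scripts": {"test": "jest"}},
        "1.4.2": {"scripts": {"test": "jest", "postinstall": "node setup.js"}},
        "1.4.3": {"scripts": {"test": "jest", "postinstall": "node setup.js"}},
        "1.4.4": {"scripts": {"test": "jest", "postinstall": "node setup.js"}},
    },
}

if __name__ == "__main__":
    print("burst:", burst_publishes(SAMPLE_META))
    for c in install_script_changes(SAMPLE_META):
        print(f"{c['version']}: install hooks {c['previous']} -> {c['hooks']}")
```

Run this across every package your maintainers own, not just the ones you depend on: under the propagation model above, a worm that reaches one token republishes the maintainer's other packages, and the burst shows up there first. A new postinstall on a package that never had one, published minutes after other versions, is the combination worth pulling the tarball for.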

Recommended Mitigations

    • Remove all identified malicious package versions from environments and pipelines
    • Rotate all secrets potentially exposed on affected systems (npm, GitHub, cloud, CI/CD)
    • Revoke npm publish tokens and re-issue them with minimum scope: granular tokens limited to the specific packages, read-only wherever publishing is not needed, and held only by the CI job that actually publishes
    • Audit publish history for all maintainer accounts
    • Audit for related packages sharing the same public.pem file, the same webhook host, or the same postinstall script pattern; under this propagation model every other package the same token could publish is a candidate
    • Where the build tolerates it, install with lifecycle scripts disabled (npm ci --ignore-scripts) so that install-time payloads of this kind cannot run in CI

If you are worried about any of the threats outlined in this bulletin or need help in determining what steps you should take to protect yourself from the most material threats facing your organisation, please contact your account manager, or alternatively get in touch to find out how you can protect your organisation.