Malicious npm Packages Deliver Infostealers and DDoS Malware

"The actor took the code, and almost without any change at all -- uploaded a working version with its own C2 server and private key into npm," OX Security said.

‘A Mini Sha1-Hulud’ — a direct clone of the Shai-Hulud worm lands on npm

Researchers at OX Security found that one of four newly identified malicious npm packages contains a near-identical copy of the Shai-Hulud worm source code that TeamPCP leaked last week. The package, published under the account "deadcode09284814" and named chalk-tempalte, not only embeds the Shai-Hulud code but also ships a functioning command-and-control (C2) configuration pointing to 87e0bbc636999b.lhr[.]life, according to OX Security’s analysis.

OX Security described how the package automatically sends stolen credentials to that remote C2 server and then exports the data to a new public GitHub repository using a stolen GitHub token via the API. That repository is given the description "A Mini Sha1-Hulud has Appeared."

Four malicious packages published by a single npm user

OX Security identified four separate npm packages published by the same user, "deadcode09284814," each containing malicious payloads but differing in behavior. The packages and their recorded download counts are:

  • chalk-tempalte (825 Downloads)
  • @deadcode09284814/axios-util (284 Downloads)
  • axois-utils (963 Downloads)
  • color-style-utils (934 Downloads)

As of writing, OX Security reports that all four libraries remain available for download from npm.

Phantom Bot: a Golang DDoS payload hidden in axois-utils

Among the four, the axois-utils package carries a Golang-based distributed denial-of-service botnet called Phantom Bot. OX Security’s analysis shows Phantom Bot has capabilities to flood a target website using HTTP, TCP, and UDP protocols. The package also attempts to establish persistence on both Windows and Linux systems by adding the payload to the Windows Startup folder and creating a scheduled task.

Those persistence mechanisms indicate the package does more than transient exploitation: it attempts to remain resident on compromised hosts and participate in network disruption operations.

Infostealers, targeted exfiltration endpoints, and misuse of GitHub

The other three packages — chalk-tempalte, @deadcode09284814/axios-util, and color-style-utils — deploy information-stealing payloads with differing targets and exfiltration endpoints. OX Security reports that @deadcode09284814/axios-util and color-style-utils siphon SSH keys, environment variables, cloud credentials, system information, IP addresses, and cryptocurrency wallet data to two network destinations: 80.200.28[.]28:2222 and edcf8b03c84634.lhr[.]life, respectively.

For the Shai-Hulud clone in chalk-tempalte, stolen credentials were forwarded to 87e0bbc636999b.lhr[.]life and then exported to the public GitHub repository described above, via the stolen GitHub token and the GitHub API. OX Security’s account makes clear the actor tied automated exfiltration to public data staging on GitHub.

What this means for technologists, open-source maintainers, and developers

Technologists and security teams: OX Security’s advisory includes immediate remediation steps: uninstall any of the four packages if installed; search for and remove malicious configuration from IDEs and coding agents such as Claude Code; rotate secrets; and block network access to the suspicious domains and IPs identified in the analysis. The advisory treats secret rotation and network blocking as the most urgent of these steps wherever the packages were used.

Open-source maintainers and package registries: The event highlights a case where a single npm user published multiple differing payloads under similar package names and where a repository was used as an exfiltration staging area. OX Security framed the activity as part of a broader push in supply chain abuse: "Threat actors are getting even more motivated to conduct supply chain and typo-squatting, as attacks become easier to perform with the Shai-Hulud code becoming open source," the company said.

End users and developers who downloaded these packages: In addition to uninstalling the packages, OX Security advises checking for public GitHub repositories containing the string "A Mini Sha1-Hulud has Appeared," deleting any malicious configurations from development tools, and rotating any potentially exposed credentials.

OX Security described the chalk-tempalte example as "probably inspired as part of the supply chain attack competition that was published in BreachForums," a linkage the analysts used to explain motivation. The company also warned that what is visible on npm may be only a "first phase" of a larger wave of supply chain attacks, noting that a single actor is now using multiple techniques and infostealer types to spread malicious code onto npm.

For defenders, the immediate record is concrete: four named packages, multiple exfiltration endpoints (87e0bbc636999b.lhr[.]life, edcf8b03c84634.lhr[.]life, and 80.200.28[.]28:2222), a GitHub repository description to search for, and practical remediation steps OX Security lays out. For the wider community, the case raises a clear operational question left in the open by the company’s findings: with these packages still available on the registry at time of reporting, how rapidly will removal, further detection, and secret remediation follow?
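As an added example, not code from OX Security, the article, or any of the packages, the following Node.js script turns two of the defender checks above into something runnable: it audits a project's package-lock.json for the four named packages, including transitive installs, and scans proxy or connection log lines for the three exfiltration endpoints. The lockfile and log lines embedded below are constructed sample data; the GitHub repository-description search is an online step and is not part of this script.

```javascript
// Added example (not from the OX Security advisory or the article): audit a
// package-lock.json for the four packages named in the report, and scan
// proxy/DNS log lines for the exfiltration endpoints listed there.
// The lockfile and log lines below are constructed sample data.

const MALICIOUS_PACKAGES = new Set([
  "chalk-tempalte",
  "@deadcode09284814/axios-util",
  "axois-utils",
  "color-style-utils",
]);

// Indicators from the report, with the defanging brackets removed so they
// match what appears in real logs.
const NETWORK_IOCS = [
  "87e0bbc636999b.lhr.life",
  "edcf8b03c84634.lhr.life",
  "80.200.28.28:2222",
];

// Walk a lockfile (v2/v3 "packages" map or v1 "dependencies" tree) and return
// every malicious package name found, sorted, including transitive installs.
function findMaliciousPackages(lockfile) {
  const hits = new Set();
  // lockfileVersion 2/3: keys look like "node_modules/foo" or
  // "node_modules/a/node_modules/foo"; the package name (scope included) is
  // everything after the last "node_modules/".
  for (const key of Object.keys(lockfile.packages || {})) {
    const idx = key.lastIndexOf("node_modules/");
    if (idx === -1) continue; // the root project entry ("")
    const name = key.slice(idx + "node_modules/".length);
    if (MALICIOUS_PACKAGES.has(name)) hits.add(name);
  }
  // lockfileVersion 1: nested "dependencies" objects.
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (MALICIOUS_PACKAGES.has(name)) hits.add(name);
      walk(meta.dependencies);
    }
  };
  walk(lockfile.dependencies);
  return [...hits].sort();
}

// Return the log lines that mention any of the exfiltration endpoints.
function findIocHits(logLines) {
  return logLines.filter((line) => NETWORK_IOCS.some((ioc) => line.includes(ioc)));
}

// Constructed sample lockfile (v3 shape) with one direct and one transitive hit.
const sampleLockfile = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/express": { version: "4.19.2" },
    "node_modules/axois-utils": { version: "1.0.0" },
    "node_modules/express/node_modules/color-style-utils": { version: "1.0.0" },
  },
};

// Constructed sample proxy/connection log lines.
const sampleLogs = [
  "2026-05-02T10:00:01Z CONNECT registry.npmjs.org:443 200",
  "2026-05-02T10:00:07Z CONNECT 87e0bbc636999b.lhr.life:443 200",
  "2026-05-02T10:00:09Z TCP 10.0.0.5 -> 80.200.28.28:2222 SYN",
];

console.log("malicious packages:", findMaliciousPackages(sampleLockfile));
console.log("IoC hits:", findIocHits(sampleLogs));
```

To run it against a real project, replace `sampleLockfile` with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and feed `findIocHits` the lines of an egress or DNS log; both the v1 nested layout and the v2/v3 flat `packages` map are handled, so older lockfiles do not need regenerating first.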

Read the original advisory: https://thehackernews.com/2026/05/four-malicious-npm-packages-deliver.html