One affected package shows more than 6,700 weekly downloads — and researchers say the malicious code executes the moment a developer installs it.
Socket’s findings: developer tooling turned delivery vehicle
Security firm Socket reported that several npm packages have been identified distributing malware designed to steal credentials and to spread across developer ecosystems. Impacted packages include multiple versions of @automagik/genie and pgserve, both of which are linked to developer tooling workflows. Socket found the malware executes during installation, harvesting sensitive data and attempting to republish compromised packages using stolen credentials.
Malware behavior: what is harvested and how it leaves the host
The payload scans infected systems for secrets stored in environment variables and configuration files. Socket’s analysis lists targeted data types explicitly: cloud credentials, CI/CD tokens, SSH keys and local developer artifacts such as .npmrc files and shell histories. The malware also attempts to access browser-stored data and cryptocurrency wallets, naming Chrome profiles and extensions including MetaMask and Phantom as targets. Exfiltration occurs through two channels Socket observed: a standard HTTPS webhook and an Internet Computer Protocol (ICP) endpoint. Transmitted data may be encrypted using AES-256 and RSA methods, although Socket notes a plaintext fallback is possible.
Self-propagation: npm token theft, package injection and PyPI reach
A central, worm-like capability identified by Socket is the malware’s ability to spread within package ecosystems. The malicious code extracts npm tokens from infected systems, enumerates accessible packages, injects malicious code, and republishes those packages — enabling further compromise across the npm ecosystem. Socket also documented functionality that targets Python’s PyPI: when credentials are present, the malware can generate malicious PyPI packages using .pth file injection, providing a cross-ecosystem propagation path.
Use of blockchain-hosted infrastructure and links to prior campaigns
Socket says the activity mirrors earlier worm-style supply chain attacks that used blockchain-hosted infrastructure for command and control. Specifically, researchers observed canister-based infrastructure on the Internet Computer Protocol (ICP) being employed as a C2 mechanism. Socket further notes similarities with prior campaigns linked to TeamPCP, including the use of post-install scripts and canister-based infrastructure. At the same time, Socket cautions the exact source of the compromise remains under investigation.
What this means for developers, package maintainers, and security teams
- Developers: be aware that packages which execute during installation can harvest environment variables, .npmrc files, shell histories, browser profiles, and crypto-wallet extensions named by Socket; packages with active usage can still be malicious — Socket found one with more than 6,700 weekly downloads.
- Package maintainers: Socket’s report raises the possibility that legitimate projects were hijacked; inconsistencies between npm releases and Git tags observed by researchers are among the red flags to review in a repository’s history and release flow.
- Security teams: exfiltration in this campaign has used both HTTPS webhooks and ICP endpoints, and attackers may encrypt stolen data with AES-256 or RSA while retaining plaintext fallbacks — monitoring outbound connections and unusual package republishing activity are specific behaviours highlighted by Socket.
Evidence in Socket’s analysis suggests the operation is active and evolving: additional malicious versions have continued to emerge and the full scope of affected packages has not yet been confirmed. If legitimate projects were hijacked and republished, the mechanisms developers rely on to fetch tooling could become vectors for further compromise — a dynamic Socket’s research shows is already under way and still under investigation.
Source: https://www.infosecurity-magazine.com/news/npm-supply-chain-worm-canister/
