Full Report
An active campaign named 'PhantomRaven' is targeting developers with dozens of malicious npm packages that steal authentication tokens, CI/CD secrets, and GitHub credentials. [...]
Analysis Summary
# Threat Actor: PhantomRaven
## Attribution & Identity
No specific threat actor group or individual attribution is provided in the article. The activity is identified purely by the campaign name 'PhantomRaven'.
## Activity Summary
PhantomRaven is an active campaign that began in August (implied 2025, given the article date) targeting software developers. The campaign involved publishing dozens (specifically 126 mentioned) of malicious npm packages onto the Node Package Manager (NPM) platform. These packages accumulated over 86,000 downloads before detection. The goal is primarily credential and secret theft from compromised developer environments.
## Tactics, Techniques & Procedures
- **Supply Chain Compromise:** Exploiting the NPM ecosystem by publishing malicious packages.
- **Package Impersonation:** Mimicking legitimate projects (some impersonating GitLab or Apache tools).
- **Slopsquatting:** Utilizing packages resulting from AI hallucinated recommendations, where LLMs suggest non-existent or malicious package names to developers.
- **Remote Dynamic Dependencies (RDD):** Packages declare zero dependencies in their manifest but automatically fetch and execute external payloads during the `npm install` process. This technique is used to evade static analysis.
- **Device Profiling:** Initial payload executes to profile the infected device to determine target value.
- **Credential Harvesting:** Searching the victim’s environment variables for sensitive data.
- **Data Exfiltration:** Using three distinct methods:
1. HTTP GET requests with data encoded in the URL.
2. HTTP POST requests containing JSON data.
3. Data transmission via a WebSocket connection.
## Targeting
- **Sectors:** Software Development/Technology (targeting developers using Node.js/NPM).
- **Geography:** Not explicitly stated, but the reliance on public repositories like NPM suggests a global target scope.
- **Victims:** Developers utilizing the NPM repository, specifically those who inadvertently install malicious packages.
## Tools & Infrastructure
- **Malware Families Used:** The malicious npm packages themselves act as the initial compromise vector/loader. The payloads leverage RDD.
- **Infrastructure (C2, domains, IPs):** The campaign relies on external URLs fetched dynamically during installation to deliver the secondary payload. Specific IoCs (Infrastructure used in attacks) are mentioned as being documented in the Koi Security report, but are not detailed in this summary text. (No specific URLs/IPs provided to defang.)
## Implications
The PhantomRaven campaign represents a sophisticated supply chain risk, particularly concerning the growing reliance on AI-suggested dependencies ("slopsquatting"). The use of RDD allows the malware to bypass traditional static security scans. Successful compromise grants access to high-value secrets (CI/CD tokens), posing a severe risk for derivative supply chain attacks against software pipelines.
## Mitigations
- Avoid consulting Large Language Models (LLMs) for package suggestions when building software projects.
- Developers must strictly vet all dependencies, especially those fetched dynamically or those that appear legitimate but are not from reputable vendors.
- Utilize tools capable of dynamic analysis or behavioral monitoring to detect RDD execution patterns.
- Review package installation logs closely to identify unexpected external network calls during `npm install`.