Full Report
Cybersecurity researchers have uncovered yet another active software supply chain attack campaign targeting the npm registry with over 100 malicious packages that can steal authentication tokens, CI/CD secrets, and GitHub credentials from developers' machines. The campaign has been codenamed PhantomRaven by Koi Security. The activity is assessed to have begun in August 2025, when the first
Analysis Summary
# Tool/Technique: PhantomRaven Campaign
## Overview
PhantomRaven is the codename for an active software supply chain attack campaign targeting the npm registry. The campaign utilizes over 100 malicious npm packages designed to steal sensitive information from developers' machines, including authentication tokens, CI/CD secrets, and GitHub credentials.
## Technical Details
- Type: Malware Campaign utilizing Malicious Packages
- Platform: Developers using the npm registry ecosystem (likely Node.js/JavaScript environments)
- Capabilities: Remote Dynamic Dependency (RDD) loading, automated execution via lifecycle scripts, information harvesting, and data exfiltration.
- First Seen: August 2025
## MITRE ATT&CK Mapping
- **TA0006 - Credential Access**
- T1552 - Credentials From Configuration Files
- T1552.006 - Credentials from Web Session Cookie
- **TA0010 - Exfiltration**
- T1041 - Exfiltration Over C2 Channel
- **TA0005 - Defense Evasion**
- T1218 - System Binary Proxy Execution (If leveraging system utilities for exfiltration)
- **TA0001 - Initial Access**
- T1195 - Supply Chain Compromise
- T1195.002 - Compromise Software Supply Chain
## Functionality
### Core Capabilities
* **Supply Chain Compromise:** Malicious code is hidden within trusted-looking npm packages.
* **Remote Dynamic Dependency (RDD) Loading:** Packages point to a custom, attacker-controlled HTTP URL (`packages.storeartifact[.]com`) to fetch additional malicious code, bypassing static analysis tools that only check dependencies listed in the package manifest.
* **Automated Execution:** Utilizes package lifecycle scripts (pre-install hook mentioned) to trigger the main payload automatically upon package installation.
* **Information Gathering:** Scans the developer environment to collect email addresses, CI/CD environment details, and system fingerprints (including public IP address).
### Advanced Features
* **Slopsqautting:** The domain name of the malicious packages is chosen to exploit "slopsqautting"—using plausible but non-existent package names, often those hallucinated by Large Language Models (LLMs), to evade detection and gain developer trust.
* **Evasion:** The use of RDD makes the malicious payload invisible to static dependency analysis tools, as the actual source of the payload is an external HTTP request, not a listed dependency.
* **Dynamic Payload Serving:** The attacker controls the external server, allowing them to *tailor* payloads or initially serve harmless code before later pushing malicious versions once broader adoption is achieved.
## Indicators of Compromise
* File Hashes: Not explicitly provided in the text.
* File Names: Malicious packages mentioned include: `op-cli-installer`, `unused-imports`, `badgekit-api-client`, `polyfill-corejs3`, and `eslint-comments`.
* Registry Keys: Not applicable/not mentioned.
* Network Indicators: External server utilized for RDD: `packages[.]storeartifact[.]com` (Defanged)
* Behavioral Indicators: Execution of pre-install/install/post-install lifecycle scripts during `npm install`. Network connections originating from the developer machine to the external artifact domain.
## Associated Threat Actors
* Not explicitly attributed to a named APT group; the campaign is codenamed **PhantomRaven** by Koi Security.
## Detection Methods
- Signature-based detection: Ineffective against RDDs as static scanners often ignore URLs listed in lifecycle scripts or external fetches.
- Behavioral detection: Crucial for detecting the execution of arbitrary code via lifecycle scripts (`preinstall`, `install`, `postinstall`) during package installation. Monitoring outbound network connections made by installation processes to untrusted external URLs.
- YARA rules: Not provided in the text, but could target strings or obfuscation techniques within the package scripts.
## Mitigation Strategies
- **Audit Package Scripts:** Developers and security tools must inspect package lifecycle scripts (`preinstall`, `install`, `postinstall`), especially in newly introduced or lesser-known dependencies.
- **Use Secure Registries/Proxies:** Utilize private or trusted artifact repositories that can cache and scan content instead of allowing direct fetching from arbitrary HTTP URLs during installation.
- **Review Outbound Traffic:** Implement network monitoring to detect installation processes connecting to external, untrusted domains.
- **Limit Trust:** Be highly skeptical of packages relying on external URLs for dynamic content retrieval.
## Related Tools/Techniques
* Supply Chain Attacks
* Slopsqautting
* Remote Dynamic Dependency (RDD) Loading
* Malicious npm Packages (e.g., Accountjs, Colorama)