Ghost Campaign uses 7 npm packages to steal cryptocurrency wallets and credentials

March 24, 2026

Cybersecurity researchers have discovered a series of malicious npm packages designed to steal cryptocurrency wallets and sensitive data.

This activity is tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, can be found below.

  • React Performance Suite
  • React State Optimizer Core
  • React Fast Utilities
  • ai-fast-auto-trader
  • pkgnewfefame1
  • Carbon Mac Copy Cloner
  • Coinbase Desktop SDK

“The package itself is phishing the sudo password used to run the final stage, and is using a sophisticated method of displaying fake npm installation logs to hide its real functionality and evade detection,” Lucija Valentić, a software threat researcher at ReversingLabs, said in a report shared with The Hacker News.

The identified Node.js library not only falsely claims to download additional packages, but also injects random delays to give the impression that the installation process is in progress. At some point during this step, the user is warned that the installation is failing because they do not have write permissions to “/usr/local/lib/node_modules”, which is the default location for Node.js packages that are installed globally on Linux and macOS systems.

It also instructs the victim to enter the root or administrator password to continue with the installation. Once the password is entered, the malware silently retrieves the next stage of the downloader, accessing the Telegram channel to obtain the final payload URL and the key needed to decrypt it.

The attack culminates in the deployment of a remote access Trojan that can collect data, target cryptocurrency wallets, and wait for further instructions from an external server.

ReversingLabs said this activity overlaps with an activity cluster that JFrog documented earlier this month under the name GhostClaw, but it is currently unclear whether this is the work of the same threat actor or an entirely new campaign.

GhostClaw uses GitHub repositories and AI workflows to deliver macOS Stealer

Jamf Threat Labs said in an analysis published last week that the GhostClaw campaign uses GitHub repositories and artificial intelligence (AI)-assisted development workflows to deliver credential-stealing payloads on macOS.

“These repositories are disguised as legitimate tools, such as trading bots, SDKs, and developer utilities, and are designed to appear trustworthy at first glance,” said security researcher Thijs Xhaflaire. “Some of the identified repositories have amassed significant engagement, in some cases exceeding hundreds of stars, further reinforcing their perceived legitimacy.”

In this campaign, repositories are initially populated with benign or partially functional code and left unmodified for long periods of time to build trust among users before malicious components are introduced. Specifically, the repository includes a README file that guides developers to run shell scripts as part of the installation procedure.

Variants of these repositories contain SKILL.md files and primarily target AI-oriented workflows under the guise of installing external skills via AI agents such as OpenClaw. Regardless of the method used, the shell script initiates a multi-step infection process that ends with the stealer deployment. The entire sequence of actions is:

The script identifies the host architecture and macOS version, checks whether Node.js is already present, and installs a compatible version if necessary. To avoid raising red flags, the installation is done in a user-controlled directory. The script then calls ‘node scripts/setup.js’ and ‘node scripts/postinstall.js’, handing execution to a JavaScript payload that steals system credentials, connects to a command-and-control (C2) server to deliver the GhostLoader malware, and clears the terminal to remove any trace of malicious activity.

This script also reads an environment variable named “GHOST_PASSWORD_ONLY”. Setting it to 0 displays a fully interactive installation flow with progress indicators and user prompts; setting it to 1 launches a simplified execution path that focuses on collecting credentials without any additional user-interface elements.

Interestingly, in at least some cases, the “postinstall.js” script displays an innocuous success message indicating that the installation was successful and that the user can configure the library in the project by running the “npx react-state-optimizer” command.

According to a report from cloud security firm Panther last month, ‘react-state-optimizer’ is one of several npm packages published by ‘mikilanjillo’, indicating that the two activity clusters are one and the same.

  • react-query-core-utilities
  • react-state-optimizer
  • react-fast-utilities
  • react-performance-suite
  • ai-fast-auto-trader
  • carbon-mac-copy-cloner
  • pkgnewfefame
  • darkslash
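As an added defender-side example (not code from the article, ReversingLabs, Panther or Jamf), the following Python audit flags dependencies whose name appears in the hyphenated package list above and any install-time lifecycle hook, raising the severity when the hook hands off to scripts/setup.js or scripts/postinstall.js as in the GhostClaw sequence described earlier. The sample manifests are constructed for this page, and load_node_modules is a hypothetical helper, not part of any tool the article mentions.

```python
import json, os, re

# npm names taken from the article's second (hyphenated) package list; the
# first list's display names are assumed to refer to the same packages.
KNOWN_BAD_PACKAGES = {
    "react-query-core-utilities", "react-state-optimizer", "react-fast-utilities",
    "react-performance-suite", "ai-fast-auto-trader", "carbon-mac-copy-cloner",
    "pkgnewfefame", "darkslash",
}
# Hooks npm runs automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")
# The chaining the article describes: a hook that hands off to scripts/setup.js
# or scripts/postinstall.js shipped inside the package itself.
CHAINED_NODE_SCRIPT = re.compile(r"\bnode\s+scripts/(setup|postinstall)\.js\b")

def audit_dependencies(manifests):
    """manifests: {package name: parsed package.json}. Returns sorted (name, severity, reason)."""
    findings = []
    for name, pkg in manifests.items():
        if name in KNOWN_BAD_PACKAGES:
            findings.append((name, "high", "name is on the Ghost campaign package list"))
        scripts = pkg.get("scripts") or {}
        for hook in LIFECYCLE_HOOKS:
            cmd = scripts.get(hook)
            if not cmd:
                continue
            if CHAINED_NODE_SCRIPT.search(str(cmd)):
                findings.append((name, "high", f"{hook} chains into {cmd!r}"))
            else:  # any install-time hook deserves review; native addons use them legitimately
                findings.append((name, "review", f"{hook} hook present: {cmd!r}"))
    return sorted(findings)

def load_node_modules(root):
    """Hypothetical helper: collect every package.json below a node_modules tree, keyed by name."""
    manifests = {}
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" in files and "node_modules" in dirpath.split(os.sep):
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                pkg = json.load(fh)
            manifests[pkg.get("name", os.path.basename(dirpath))] = pkg
    return manifests

# Constructed sample manifests (not real package contents) so the audit runs offline.
SAMPLE_MANIFESTS = {
    "left-pad-like": {"name": "left-pad-like", "version": "1.0.0"},
    "react-state-optimizer": {"name": "react-state-optimizer",
                              "scripts": {"postinstall": "node scripts/postinstall.js"}},
    "native-addon": {"name": "native-addon", "scripts": {"install": "node-gyp rebuild"}},
}
```

Run audit_dependencies(load_node_modules("node_modules")) against a checked-out project to list what would execute at install time; installing with npm install --ignore-scripts keeps such hooks from running at all while they are reviewed.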

“The package contains a CLI ‘setup wizard’ that tricks developers into entering their sudo password and performing ‘system optimizations’,” said security researcher Alessandra Rizzo. “The captured password is passed to a comprehensive credential stealer payload that collects browser credentials, cryptocurrency wallets, SSH keys, cloud provider configuration, and developer tools tokens.”

“Stolen data is routed to partner-specific Telegram bots based on the campaign identifier embedded in each loader, and credentials are stored in the BSC smart contract and updated without changing the malware itself.”

The first npm package deploys the stealer by obtaining credentials and configuration from a Teletype.in page disguised as a Telegram channel or blockchain documentation. According to Panther, the malware implements a dual revenue model, with primary revenue derived from credential theft relayed through a partner’s Telegram channel, and secondary revenue derived from affiliate URL redirects stored in a separate Binance Smart Chain (BSC) smart contract.

“This campaign highlights a continued shift in attacker techniques, with distribution methods expanding beyond traditional package registries to platforms such as GitHub and emerging AI-assisted development workflows,” Jamf said. “By leveraging a trusted ecosystem and standard installation techniques, attackers can introduce malicious code into an environment with minimal friction.”
