Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Summary

Cybersecurity researchers discovered four malicious npm packages published by user 'deadcode09284814' containing information-stealing malware and a DDoS botnet. One package clones the Shai-Hulud worm open-sourced by TeamPCP, while another delivers Phantom Bot, a Golang-based DDoS botnet with persistence mechanisms for Windows and Linux. The remaining packages exfiltrate SSH keys, environment variables, cloud credentials, and cryptocurrency wallet data to remote C2 servers.

Full text

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware Ravie LakshmananMay 18, 2026Supply Chain Attack / Botnet Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util (284 Downloads) axois-utils (963 Downloads) color-style-utils (934 Downloads) "One of the packages (chalk-tempalte) contains a direct clone of the Shai-Hulud source code that TeamPCP leaked last week, probably inspired as part of the supply chain attack competition that was published in BreachForums not long after," OX Security's Moshe Siman Tov Bustan said. Interestingly, the malicious payloads embedded into the four npm packages are different, despite them being published by the same npm user, "deadcode09284814." As of writing, the four libraries are still available for download from npm. An analysis of the packages has revealed that "axois-utils" is designed to deliver a Golang-based distributed denial-of-service (DDoS) botnet called Phantom Bot, with capabilities to flood a target website using HTTP, TCP, and UDP protocols. It also establishes persistence on both Windows and Linux machines by adding the payload to the Windows Startup folder and creating a scheduled task. The remaining three drop a stealer payload on compromised systems. Of the three packages, the "chalk-tempalte" package contains a clone of the Shai-Hulud worm released by TeamPCP. "The actor took the code, and almost without any change at all -- uploaded a working version with its own C2 server and private key into npm," OX Security said. "The stolen credentials are sent to the remote C2 server -- 87e0bbc636999b.lhr[.]life" In addition, the data is exported to a new GitHub public repository using the stolen GitHub token via the API. The repository is given the description "A Mini Sha1-Hulud has Appeared." The other two npm packages, "@deadcode09284814/axios-util" and "color-style-utils," carry a more straightforward functionality that siphons SSH keys, environment variables, cloud credentials, system information, IP address, and cryptocurrency wallet data to "80.200.28[.]28:2222" and "edcf8b03c84634.lhr[.]life," respectively. "Threat actors are getting even more motivated to conduct supply chain and typo-squatting, as attacks become easier to perform with the Shai-Hulud code becoming open source," OX Security said. "We're now seeing a single actor with multiple techniques and infostealer types spreading malicious code onto npm, as it’s just the first phase of an upcoming wave of supply chain attacks coming." Users who have downloaded the packages are uninstall them immediately, find and delete malicious configuration from IDEs and coding agents like Claude Code, rotate secrets, check for GitHub repositories containing the string "A Mini Sha1-Hulud has Appeared," and block network access to suspicious domains. Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post. SHARE     Tweet Share Share Share SHARE  botnet, Cloud security, cybersecurity, ddos, GitHub, Infostealer, Malware, NPM, Supply Chain Attack ⚡ Top Stories This Week Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories Windows Zero-Days Expose BitLocker Bypasses And CTFMON Privilege Escalation New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE Microsoft's MDASH AI System Finds 16 Windows Flaws Fixed in Patch Tuesday [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud Microsoft Patches 138 Vulnerabilities, Including DNS and Netlogon RCE Flaws New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution Mini Shai-Hulud Worm Compromises TanStack, Mistral AI, Guardrails AI and More Packages cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor ⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More Hackers Used AI to Develop First Known Zero-Day 2FA Bypass for Mass Exploitation ⭐ Featured Resources [Webinar] Learn How to Handle Critical SOC Alerts With AI Support Identify Internal Attack Surfaces More Efficiently With a Free Assessment [eBook] Get the 3-Number SOC Diagnostic to Reduce Queue Risk [Guide] Stop Email Fraud Before It Turns Into Ransomware Damage

Indicators of Compromise

• domain — 87e0bbc636999b.lhr.life
• domain — edcf8b03c84634.lhr.life
• ip — 80.200.28.28
• malware — Phantom Bot
• malware — Shai-Hulud

Entities