node-ipc npm Package Compromised in Supply Chain Attack
node-ipc npm package compromised again with stealer/backdoor malware in versions 9.1.6, 9.2.3, 12.0.1
Summary
Socket's threat detection system identified malicious versions of the widely-used node-ipc npm package within minutes of publication. The compromised versions 9.1.6, 9.2.3, and 12.0.1 contain obfuscated stealer/backdoor code that fingerprints hosts, exfiltrates files, and attempts data exfiltration through DNS-selected endpoints. This marks the second major compromise of node-ipc, following the notorious 2022 incident and intermediate malicious versions in 2024.
Full text
Research/Security NewsLaravel Lang Compromised with RCE Backdoor Across 700+ VersionsLaravel Lang packages were compromised with an RCE backdoor across hundreds of versions, exposing cloud, CI/CD, and developer secrets.By Socket Research Team - May 23, 2026
Indicators of Compromise
- malware — node-ipc
- malware — peacenotwar