PhantomRaven npm Attack Distributes 88 Malicious Packages to Steal Developer Credentials

Mar 12, 2026

A new wave of the PhantomRaven software supply-chain attack is targeting JavaScript developers through the npm registry, distributing dozens of malicious packages designed to steal sensitive development data.

Security researchers from Endor Labs discovered three new waves of the PhantomRaven campaign between November 2025 and February 2026, introducing 88 malicious npm packages uploaded using roughly 50 disposable accounts. These packages were designed to harvest credentials, system information, and CI/CD tokens from developers’ environments once installed.

The campaign represents an evolution of the PhantomRaven operation that first appeared in 2025, continuing to exploit weaknesses in open-source software supply chains.

PhantomRaven Supply Chain Attack Overview

Category              Details
Threat Campaign       PhantomRaven
Target                JavaScript developers and development environments
Platform Abused       npm registry
Malicious Packages    88 newly discovered packages
Attack Technique      Remote Dynamic Dependencies (RDD)
Data Targeted         Emails, system info, CI/CD tokens
Affected Services     GitHub, GitLab, Jenkins, CircleCI
First Discovered      August 2025 campaign activity
Recent Activity       Nov 2025 – Feb 2026 waves

How the PhantomRaven npm Attack Works

The attackers used a technique known as “slopsquatting,” in which they publish packages whose names resemble legitimate projects or match package names that AI coding tools commonly generate (including names that do not otherwise exist). This increases the likelihood that developers install them by accident when searching for a dependency or pasting a suggested one.

Instead of embedding malicious code directly inside the npm package, the attackers used a stealth technique called Remote Dynamic Dependencies (RDD).

With this method:

  1. The malicious package includes a dependency referencing an external URL instead of another npm package.

  2. When a developer runs npm install, npm automatically downloads the dependency from the attacker-controlled server.

  3. The downloaded code executes on the developer’s machine without obvious indicators.

Because the malicious payload is hosted externally, the published package tarball contains only the reference to it, so automated scanners that statically analyze the tarball may never see the code that actually runs.

Data Collected From Compromised Systems

Once installed, the malware begins harvesting sensitive information from the developer’s environment.

Researchers found that the malicious packages attempt to collect:

  • Email addresses from .gitconfig, .npmrc, and environment variables

  • CI/CD tokens and credentials

  • Authentication tokens for development platforms

  • System fingerprinting information

The malware also gathers details such as the IP address, hostname, operating system, and Node.js version of the compromised system to profile victims.

CI/CD Credentials and Developer Tokens Targeted

The attackers specifically targeted credentials tied to development pipelines and automation platforms.

The campaign attempted to steal tokens from:

  • GitHub

  • GitLab

  • Jenkins

  • CircleCI

These credentials could allow attackers to infiltrate source repositories, manipulate build pipelines, or introduce malicious code into other software projects—potentially expanding the attack into a wider software supply chain compromise.

Data Exfiltration Infrastructure

Once data is collected, the malware transmits the stolen information to attacker-controlled command-and-control (C2) servers.

Researchers observed that the attackers used multiple exfiltration techniques, including:

  • HTTP GET requests

  • HTTP POST requests

  • WebSocket communication

The campaign infrastructure remained consistent across different waves, often using domains containing the word “artifact” hosted on Amazon EC2 servers and lacking TLS certificates.

Campaign Evolution and Persistence

Although the malicious payload remained largely unchanged across waves, the attackers adapted operationally.

Researchers observed that the threat actor:

  • Rotated npm publisher accounts and email addresses

  • Modified package metadata

  • Changed PHP endpoints used for exfiltration

  • Increased publishing frequency in later stages

In one case, the attackers released four malicious packages in a single day, demonstrating continued activity and persistence.
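The following is an added example, not code from the article or from Endor Labs. It turns the infrastructure traits described in the Data Exfiltration Infrastructure section (plaintext HTTP and WebSocket transport, hostnames containing “artifact,” servers on Amazon EC2) and the rotated PHP endpoints noted above into a scoring check over outbound-connection records from developer and CI hosts. The log format, hostnames, IP addresses and paths are constructed for the example; none are indicators from the article.

```javascript
// Added example (not from the article or Endor Labs): score outbound
// connections made by node/npm processes against the traits the article
// attributes to PhantomRaven's exfiltration infrastructure. Every value in
// SAMPLE_EGRESS_LOG is constructed; the format is a simple key=value line.
const SAMPLE_EGRESS_LOG = [
  "2026-02-10T09:14:02Z host=dev-laptop-17 proc=node dst=http://artifact-sync.example/collect.php method=POST bytes=842",
  "2026-02-10T09:14:05Z host=dev-laptop-17 proc=node dst=https://registry.npmjs.org/express method=GET bytes=120",
  "2026-02-10T09:15:31Z host=ci-runner-02 proc=node dst=ws://ec2-203-0-113-5.compute-1.amazonaws.com:8080/ws method=WS bytes=1210",
  "2026-02-10T09:16:10Z host=ci-runner-02 proc=curl dst=https://api.github.com/repos method=GET bytes=300",
  "2026-02-10T09:17:44Z host=dev-laptop-03 proc=node dst=http://artifact-cdn.example/ping.php?u=1 method=GET bytes=2048",
];

// Parse one line: the first token is the timestamp, the rest are key=value.
function parseEgressLine(line) {
  const [timestamp, ...fields] = line.trim().split(/\s+/);
  const entry = { timestamp };
  for (const field of fields) {
    const idx = field.indexOf("=");
    if (idx > 0) entry[field.slice(0, idx)] = field.slice(idx + 1);
  }
  return entry;
}

// Return the indicators an entry matches. Each is weak on its own (plenty
// of legitimate traffic mentions "artifact"), so the caller combines them.
function indicatorsFor(entry) {
  const reasons = [];
  let url;
  try {
    url = new URL(entry.dst);
  } catch {
    return reasons; // unparsable destination: nothing to score
  }
  const host = url.hostname.toLowerCase();
  if (url.protocol === "http:" || url.protocol === "ws:") reasons.push("no-tls");
  if (host.includes("artifact")) reasons.push("artifact-in-hostname");
  if (/\.php$/i.test(url.pathname)) reasons.push("php-endpoint");
  if (/\.compute(-\d+)?\.amazonaws\.com$/i.test(host)) reasons.push("ec2-host");
  if (["POST", "WS"].includes((entry.method || "").toUpperCase())) reasons.push("upload-capable");
  return reasons;
}

// Flag connections from node/npm/npx processes that match at least
// `threshold` indicators. Returns the parsed entries with their reasons,
// so an analyst can see why each one was raised.
function detectSuspiciousEgress(lines, threshold = 2) {
  const flagged = [];
  for (const line of lines) {
    const entry = parseEgressLine(line);
    if (!["node", "npm", "npx"].includes(entry.proc)) continue;
    const reasons = indicatorsFor(entry);
    if (reasons.length >= threshold) flagged.push({ ...entry, reasons });
  }
  return flagged;
}

for (const hit of detectSuspiciousEgress(SAMPLE_EGRESS_LOG)) {
  console.log(`${hit.timestamp} ${hit.host} -> ${hit.dst} [${hit.reasons.join(", ")}]`);
}
```

Restricting the check to node and npm processes keeps the noise down: a browser fetching from a host with “artifact” in its name is routine, while an npm install that opens a plaintext POST or WebSocket to such a host is not. The threshold of two indicators is an assumption for the example; tune it against your own baseline before alerting on it.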

How Developers Can Protect Against npm Supply Chain Attacks

Security experts recommend several defensive measures to reduce the risk of installing malicious dependencies:

  • Only install packages from trusted publishers

  • Carefully verify dependency names to avoid typosquatting

  • Avoid blindly copying dependency suggestions from AI tools or unknown sources

  • Regularly audit project dependencies

  • Monitor CI/CD tokens and development credentials

Because modern software projects depend heavily on open-source packages, supply-chain attacks like PhantomRaven highlight the need for stronger dependency verification and security controls.
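The following is an added example, not code from the article or from Endor Labs. It serves both the Remote Dynamic Dependencies description above (a dependency spec that makes npm fetch from a URL, and fetched code that then executes) and the recommendation to regularly audit project dependencies. It checks three things a pre-install audit can inspect offline: dependency specs in package.json that resolve outside the registry, lockfile entries whose resolved source is not an allowed registry (which also covers transitive dependencies), and lifecycle scripts in a dependency's own manifest. The package.json, lockfile and manifest objects are constructed; the URLs and organization names are placeholders.

```javascript
// Added example (not from the article or Endor Labs): a pre-install audit
// for the two things a Remote Dynamic Dependency relies on. All sample
// objects below are constructed; URLs and org names are placeholders.

const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];

// Spec shapes npm resolves outside the registry. Semver ranges, dist-tags
// such as "latest" and "npm:alias@range" aliases are registry lookups and
// are left alone.
const OFF_REGISTRY_SPECS = [
  { kind: "http-url", re: /^https?:\/\//i },
  { kind: "git-url", re: /^(git|git\+https?|git\+ssh|ssh|git\+file):/i },
  { kind: "hosted-git", re: /^(github|gitlab|bitbucket|gist):/i },
  { kind: "hosted-git-shorthand", re: /^[\w.-]+\/[\w.-]+(#.*)?$/ },
  { kind: "local-path", re: /^(file:|\.{0,2}\/)/ },
];

function classifySpec(spec) {
  const match = OFF_REGISTRY_SPECS.find(({ re }) => re.test(spec));
  return match ? match.kind : null; // null means a normal registry spec
}

// Walk every dependency field of a package.json object and report the
// specs npm would fetch from a URL, a git host or a local path.
function findRemoteDependencies(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const kind = classifySpec(String(spec));
      if (kind) findings.push({ field, name, spec, kind });
    }
  }
  return findings;
}

// A v2/v3 lockfile records where each installed package actually came from
// in "resolved"; anything not under an allowed registry is suspect even
// when package.json looks clean, because transitive dependencies are listed too.
function findOffRegistryResolutions(lock, allowedRegistries = ["https://registry.npmjs.org/"]) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || !meta.resolved) continue; // root project, or a link/bundled entry
    const ok = allowedRegistries.some((registry) => meta.resolved.startsWith(registry));
    if (!ok) findings.push({ path, resolved: meta.resolved });
  }
  return findings;
}

// Lifecycle scripts npm runs automatically during install; a fetched package
// carrying one gets code execution without the developer calling anything.
// Pass an installed dependency's own package.json object.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall", "prepare"];
function installScriptsOf(pkg) {
  const scripts = pkg.scripts || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === "string" && scripts[hook].trim() !== "");
}

// Constructed project manifest: two normal registry specs, one HTTP tarball,
// one hosted-git spec and one local path.
const SAMPLE_PACKAGE_JSON = {
  name: "example-app",
  dependencies: {
    express: "^4.19.2",
    "lodash-alias": "npm:lodash-es@4.17.21",
    "ui-helpers": "https://artifact-placeholder.example/ui-helpers-1.0.0.tgz",
    "some-tool": "github:placeholder-org/some-tool",
  },
  devDependencies: { "local-lint": "file:../local-lint" },
};

// Constructed lockfile: one registry entry and one fetched from a placeholder host.
const SAMPLE_LOCKFILE = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app" },
    "node_modules/express": { version: "4.19.2", resolved: "https://registry.npmjs.org/express/-/express-4.19.2.tgz" },
    "node_modules/ui-helpers": { version: "1.0.0", resolved: "https://artifact-placeholder.example/ui-helpers-1.0.0.tgz" },
  },
};

// Constructed manifest of a fetched dependency that carries an install hook.
const SAMPLE_DEP_MANIFEST = { name: "ui-helpers", version: "1.0.0", scripts: { postinstall: "node setup.js", test: "echo ok" } };

console.log("remote specs:", findRemoteDependencies(SAMPLE_PACKAGE_JSON));
console.log("off-registry in lockfile:", findOffRegistryResolutions(SAMPLE_LOCKFILE));
console.log("install hooks in ui-helpers:", installScriptsOf(SAMPLE_DEP_MANIFEST));
```

In practice the inputs come from `JSON.parse` of the project's package.json and package-lock.json, and from each `node_modules/<name>/package.json` after a dry run. Flagging a local path or a git dependency is not a verdict; the point is that anything resolved outside the registry deserves a human look before `npm install` is allowed to run its lifecycle scripts.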

Disclaimer: ClearPhish maintains a strict policy of not participating in the theft, distribution, or handling of stolen data or files. The platform does not engage in exfiltration, downloading, hosting, or reposting any illegally obtained information. Any responsibility or legal inquiries regarding the data should be directed solely at the responsible cybercriminals or attackers, as ClearPhish is not involved in these activities. We encourage parties affected by any breach to seek resolution through legal channels directly with the attackers responsible for such incidents.
