
Largest NPM Compromise in History - Supply Chain Attack, Targets Crypto Wallets

Massive NPM Supply Chain Attack Compromises 2+ Billion Downloads


A sophisticated phishing attack has compromised popular NPM packages with over 2 billion combined weekly downloads, injecting cryptocurrency-stealing malware that hijacks wallet transactions and replaces payment addresses.

On September 8, 2025, security researchers discovered one of the largest supply chain attacks in JavaScript ecosystem history when malicious code was injected into fundamental NPM packages used by millions of developers worldwide. 

The attack, which targeted packages like chalk (300M weekly downloads), debug (358M downloads), and ansi-styles (371M downloads), represents a critical threat to the entire web development community.

The Phishing That Started It All

The attack began when a prominent open-source maintainer known as "qix-" fell victim to a sophisticated phishing email appearing to come from [email protected]. The fake domain closely mimicked NPM's legitimate support channel, and the maintainer, admitting to having "a long week and a panicky morning," clicked the malicious link instead of navigating directly to NPM as usual.

"Hi, yep I got pwned. Sorry everyone, very embarrassing," the maintainer posted in a HackerNews comment, acknowledging the breach. "Just had a long week and a panicky morning and was just trying to knock something off my list of to-dos. Made the mistake of clicking the link instead of going directly to the site like I normally would."

Crypto-Targeting Malware Deployed at Scale

The injected malware functions as a sophisticated "crypto-clipper" designed to steal cryptocurrency through multiple attack vectors:

Passive Address Replacement: The code monkey-patches browser functions like fetch and XMLHttpRequest, intercepting all network traffic to scan for cryptocurrency addresses (Bitcoin, Ethereum, Solana, Litecoin, etc.). When detected, addresses are replaced with visually similar attacker-controlled addresses using string-matching algorithms.

Active Transaction Hijacking: For users with wallet extensions like MetaMask, the malware hijacks the window.ethereum object, intercepting transaction requests before they're signed. It replaces recipient addresses with attacker addresses, meaning users unknowingly approve transactions sending funds to criminals.

Multi-Chain Support: The malware targets multiple cryptocurrency networks including Bitcoin (both Legacy and SegWit), Ethereum, Solana, Tron, Litecoin, and Bitcoin Cash, demonstrating sophisticated knowledge of various wallet formats.
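One defensive check that follows from the behaviour described above is to ask whether the page's own network APIs have been wrapped. The snippet below is an added example, not code from the article or from any of the affected packages. It assumes that a genuine browser API is a native function, so the untouched Function.prototype.toString reports "[native code]" for it, while a JavaScript wrapper installed over it does not. The names it watches (fetch, XMLHttpRequest) are the ones the article names; the object it inspects is passed in, so it can be run against window in a browser or against a constructed object in Node.

```javascript
// Added example (not from the article): report watched web APIs that are
// present on an object but are no longer native functions, which is what a
// JavaScript monkey-patch over fetch or XMLHttpRequest looks like.

// Paths to check, relative to the inspected global object.
const WATCHED = [
  ["fetch"],
  ["XMLHttpRequest", "prototype", "open"],
  ["XMLHttpRequest", "prototype", "send"],
];

// Walk a path such as ["XMLHttpRequest", "prototype", "open"] on an object;
// returns undefined as soon as a step is missing.
function resolvePath(root, path) {
  return path.reduce((obj, key) => (obj == null ? undefined : obj[key]), root);
}

// Capture Function.prototype.toString once at load time, so a wrapper that
// also overrides its own toString cannot answer the question for us.
const nativeToString = Function.prototype.toString;

// A native function's source text is opaque and ends in "{ [native code] }".
function isNativeFunction(fn) {
  if (typeof fn !== "function") return false;
  return /\{\s*\[native code\]\s*\}\s*$/.test(nativeToString.call(fn));
}

// Return the dotted names of watched APIs that exist but are not native.
function findPatchedApis(root, watched = WATCHED) {
  const findings = [];
  for (const path of watched) {
    const fn = resolvePath(root, path);
    if (fn === undefined) continue; // API absent: nothing to have been hooked
    if (!isNativeFunction(fn)) findings.push(path.join("."));
  }
  return findings;
}

// Usage in a browser: findPatchedApis(window). A constructed object is used
// here so the script also runs under Node, where XMLHttpRequest does not exist.
const sampleWindow = {
  fetch: Math.max, // stands in for a native fetch
  XMLHttpRequest: {
    prototype: {
      open: function open(method, url) { return [method, url]; }, // a JS wrapper
      send: Math.min,                                            // native stand-in
    },
  },
};
console.log(findPatchedApis(sampleWindow)); // ["XMLHttpRequest.prototype.open"]
```

This is a heuristic, not proof of integrity: a wrapper created with bind() or a Proxy also reports "[native code]", and the injected window.ethereum provider is ordinary JavaScript to begin with, so the native-code test says nothing about it. For the provider, the meaningful check is the one the article gives end users: compare the recipient the wallet asks you to confirm with the address you intended to send to.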

Affected Packages and Massive Reach

The compromised packages represent fundamental building blocks of the JavaScript ecosystem:

  • ansi-styles (371.4M weekly downloads) - Terminal styling
  • debug (357.6M weekly downloads) - Debugging utility
  • chalk (300M weekly downloads) - Terminal string styling
  • supports-color (287.1M weekly downloads) - Color detection
  • strip-ansi (261.2M weekly downloads) - ANSI code removal
  • ansi-regex (243.6M weekly downloads) - ANSI pattern matching
  • wrap-ansi (198M weekly downloads) - Text wrapping
  • color-convert (193.5M weekly downloads) - Color conversion
  • error-ex (47.2M weekly downloads) - Error handling

Additional affected packages include color-name, is-arrayish, slice-ansi, simple-swizzle, color-string, has-ansi, supports-hyperlinks, chalk-template, and backslash.

Detection and Technical Analysis

Security firm Aikido first detected the attack through their intelligence feeds at 06:46 PM IST on September 8.


The discovery was triggered when build pipelines began failing with ReferenceError: fetch is not defined errors: the malware was attempting to reach its command-and-control servers from Node.js environments that lack a global fetch.

Analysis of the malicious code revealed heavily obfuscated JavaScript designed to evade detection. After deobfuscation, researchers found functions with telling names like checkethereumw and complex logic for cryptocurrency detection and replacement.

"This malware is essentially a browser-based interceptor that hijacks both network traffic and application APIs," security researchers noted. "It operates at multiple layers: altering content shown on websites, tampering with API calls, and manipulating what users' apps believe they are signing."

Industry Impact and Response

The attack's potential impact is staggering. These packages serve as dependencies for countless applications, from small startups to Fortune 500 companies. Any web application, Electron app, or development environment using these packages could potentially expose users to cryptocurrency theft.

NPM has begun removing malicious versions, though the maintainer lost access to their account during the cleanup process. At the time of reporting, some packages like simple-swizzle remained compromised.

The incident highlights the fragility of the open-source supply chain, where a single compromised maintainer account can affect billions of installations across the global software ecosystem.

Immediate Protection Measures

For Development Teams:

  1. Use npm ci in CI/CD pipelines instead of npm install to ensure exact dependency versions from lockfiles
  2. Pin vulnerable dependencies using NPM's overrides feature in package.json:
    {
      "overrides": {
        "error-ex": "1.3.2",
        "chalk": "5.6.0"
      }
    }
  3. Audit dependencies regularly with npm audit and security tools like Snyk or Socket.dev
  4. Review package-lock.json changes in pull requests with the same scrutiny as application code
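The overrides in step 2 only help if every installed copy of a package actually resolves to the pinned version, including copies nested under other dependencies. The script below is an added example, not code from the article or from NPM: it walks the "packages" map of a lockfile v2/v3 package-lock.json and reports any copy of a watched package whose version differs from the pin you expect. The pins reuse the two versions shown in the article's overrides example; the lockfile content is constructed for the demo, and the nested chalk version in it is invented to show a mismatch, not a claim about any real release.

```javascript
// Added example (not from the article): audit a package-lock.json for copies
// of watched packages that do not match the expected pinned versions.

// Constructed sample lockfile (lockfileVersion 3): chalk is installed twice,
// once at top level and once nested under another dependency; only the
// top-level copy matches the pin.
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "5.6.0" },
    "node_modules/error-ex": { version: "1.3.2" },
    "node_modules/some-tool": { version: "2.0.0" },
    "node_modules/some-tool/node_modules/chalk": { version: "4.1.2" }, // constructed mismatch
  },
};

// Expected versions, taken from the overrides block in the article.
const PINS = { chalk: "5.6.0", "error-ex": "1.3.2" };

// The package name is everything after the last "node_modules/", which keeps
// scoped names (@scope/name) whole and attributes nested copies correctly.
function packageNameFromPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Collect every installed copy of each watched package: name -> [{path, version}].
function collectInstalled(lock, watched) {
  const found = new Map(watched.map((name) => [name, []]));
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    const name = packageNameFromPath(lockPath);
    if (name !== null && found.has(name)) {
      found.get(name).push({ path: lockPath, version: entry.version });
    }
  }
  return found;
}

// One finding per installed copy whose version is not the pinned one.
function auditLock(lock, pins) {
  const installed = collectInstalled(lock, Object.keys(pins));
  const findings = [];
  for (const [name, copies] of installed) {
    for (const copy of copies) {
      if (copy.version !== pins[name]) {
        findings.push({ name, path: copy.path, version: copy.version, expected: pins[name] });
      }
    }
  }
  return findings;
}

// Usage against a real project: auditLock(JSON.parse(fs.readFileSync("package-lock.json", "utf8")), PINS)
for (const f of auditLock(SAMPLE_LOCK, PINS)) {
  console.log(`${f.path}: ${f.name}@${f.version} (expected ${f.expected})`);
}
```

Run this in CI after npm ci and fail the job on any finding; a mismatch is not proof of compromise (the nested copy may simply be an older major version another dependency depends on), but it is exactly the kind of lockfile change step 4 says should be reviewed like application code.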

For End Users:

  • Check cryptocurrency transactions carefully before signing
  • Monitor wallet activity for unexpected transactions
  • Consider using hardware wallets for additional security
  • Update applications that may use affected packages

Broader Supply Chain Security Crisis

This attack follows the recent "s1ngularity" incident targeting the Nx build system in August 2025, which compromised over 2,180 GitHub accounts and leaked thousands of credentials. That attack notably used AI tools like Claude Code and Gemini to scan for sensitive files, representing a new evolution in automated credential theft.

The pattern of high-impact supply chain attacks targeting developer infrastructure highlights the urgent need for enhanced security measures across the open-source ecosystem, including mandatory two-factor authentication, trusted publishing mechanisms, and improved monitoring of package changes.

"The open-source ecosystem runs on trust, but it's crucial to be vigilant," security experts warn. As this attack demonstrates, a single phishing email can compromise packages used by millions of developers worldwide, turning trusted dependencies into vectors for financial theft.

Organizations must now balance the convenience of open-source dependencies with the reality that any package update could potentially introduce malicious code. The era of blindly trusting package managers may be coming to an end, replaced by a new paradigm of verification and active security monitoring.

The investigation continues as security researchers work to identify the full scope of the compromise and ensure all malicious code is removed from the NPM registry.
