
"What sets PhantomRaven apart is its use of a new technique the researchers call Remote Dynamic Dependencies (RDD). Unlike typical npm malware, which relies on visible dependencies or post-install scripts, PhantomRaven packages initially appear empty - no dependencies, no suspicious code. But when a user installs them, the package fetches additional code from a remote server controlled by the attacker. The malicious payload is then executed locally, stealing data and exfiltrating it to the attacker's infrastructure."
"This makes the attack extremely difficult to detect using conventional methods. Security tools that rely on static analysis of package metadata or dependency graphs will see nothing out of the ordinary, because the harmful code doesn't exist in the registry itself. Instead, it's dynamically retrieved during installation, leaving no obvious trace in the source files. The stolen information includes npm and GitHub tokens, cloud credentials, SSH keys, and other sensitive environment variables commonly used in development and CI/CD pipelines."
The campaign has been active since at least August 2025 and published 126 malicious npm packages from multiple accounts, recording at least 86,000 downloads and leaving more than 80 infected packages live at disclosure. The packages appear empty in the registry with no dependencies or suspicious code, then fetch additional malicious code from attacker-controlled servers during installation. The technique, called Remote Dynamic Dependencies (RDD), enables execution of dynamically retrieved payloads that steal npm and GitHub tokens, cloud credentials, SSH keys, and CI/CD environment variables. Exfiltration used a domain with randomly generated subdomains per victim, complicating tracking and detection.
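One defender-side check for the exfiltration pattern summarised above (a single parent domain queried with a different generated subdomain per victim), added here as an example and not code from the researchers or the report; the log format, hostnames, thresholds and the simplistic parent-domain split are constructed assumptions:

```python
import math
from collections import defaultdict

# Constructed sample DNS query log, "<timestamp> <client_ip> <queried_name>";
# the domain names are placeholders, not indicators from the report.
SAMPLE_DNS_LOG = """\
2025-10-01T09:00:01Z 10.0.0.11 registry.npmjs.org
2025-10-01T09:00:02Z 10.0.0.11 x7k2p9qz.example-c2.invalid
2025-10-01T09:00:03Z 10.0.0.12 registry.npmjs.org
2025-10-01T09:00:04Z 10.0.0.12 m3b8vq1t.example-c2.invalid
2025-10-01T09:00:05Z 10.0.0.13 r4w9ha2n.example-c2.invalid
2025-10-01T09:00:06Z 10.0.0.14 d0f6zj5y.example-c2.invalid
2025-10-01T09:00:07Z 10.0.0.15 www.example-cdn.invalid
2025-10-01T09:00:08Z 10.0.0.16 www.example-cdn.invalid
"""

def shannon_entropy(label):
    """Bits per character of a DNS label; generated labels score high."""
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())

def find_per_client_subdomains(log_text, min_clients=3, min_entropy=2.5):
    """Flag parent domains where each querying client used its own distinct,
    high-entropy leftmost label. Returns {parent: {"clients", "mean_entropy"}}."""
    stats = defaultdict(lambda: {"clients": set(), "labels": set(), "bits": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        _ts, client, qname = parts
        labels = qname.lower().rstrip(".").split(".")
        if len(labels) < 3:
            continue  # no label left of a registered domain to assess
        # Assumption: parent = everything right of the first label; a real
        # deployment would split on the Public Suffix List instead.
        sub, parent = labels[0], ".".join(labels[1:])
        stats[parent]["clients"].add(client)
        stats[parent]["labels"].add(sub)
        stats[parent]["bits"].append(shannon_entropy(sub))
    flagged = {}
    for parent, e in stats.items():
        mean_bits = sum(e["bits"]) / len(e["bits"])
        if (len(e["clients"]) >= min_clients and mean_bits >= min_entropy
                and len(e["labels"]) == len(e["clients"])):
            flagged[parent] = {"clients": len(e["clients"]),
                               "mean_entropy": round(mean_bits, 2)}
    return flagged
```

Shared hostnames such as `registry.npmjs.org` are queried by many clients under one label and so never match, while the one-label-per-client domain is the only one flagged.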
Read at Theregister