Malicious npm Packages Steal SSH, Cloud & Crypto Four Keys

David kimber
May 18, 2026

Security researchers have uncovered four malicious npm packages designed to steal SSH keys, cloud credentials, cryptocurrency wallets, and environment variables. One variant also quietly transforms infected machines into a DDoS botnet.

Table of Contents

  • Shai-Hulud Source Code Weaponized
  • Four Packages, Four Attack Styles
  • Indicators of Compromise (IOCs)

The campaign appears to be the work of a single threat actor deploying multiple infostealer variants simultaneously through a coordinated typosquatting operation targeting Axios users.

The four packages, chalk-template, @deadcode09284814/axios-util, axios-utils, and color-style-utils, were detected within the last 24 hours.

All versions of each package are considered malicious. Combined, they had accumulated approximately 2,678 weekly downloads before being flagged.

Shai-Hulud Source Code Weaponized

The most alarming discovery is chalk-tempalte, which contains a near-identical clone of the Shai-Hulud infostealer, an open-source malware whose source code was publicly leaked on GitHub by the group TeamPCP just last week.

The threat actor copied the code with minimal modification, embedding their own C2 server address (87e0bbc636999b[.]lhr[.]life) and private key, then uploaded the working package directly to npm.

The lack of obfuscation, a stark contrast to the original Shai-Hulud deployments, confirms this is a copycat actor rather than TeamPCP itself.

Researchers noted the attack aligns with a supply chain attack competition posted on BreachForums shortly after TeamPCP’s leak, suggesting the open-source release is actively inspiring new campaigns.

Infected machines upload stolen credentials to a new GitHub repository, mirroring the original Shai-Hulud behavior.

Four Packages, Four Attack Styles

Each package targets a different attack objective:

  • chalk-tempalte — Shai-Hulud clone exfiltrating credentials, crypto wallets, secrets, and accounts to a remote C2 server
  • @deadcode09284814/axios-util — Straightforward infostealer collecting SSH keys, environment variables, and cloud credentials from AWS, GCP, and Azure, transmitting data to 80[.]200[.]28[.]28:2222
  • axois-utils — Delivers a GoLang-based “Phantom Bot” with persistence logic that survives package deletion, plus a DDoS botnet capable of flooding targets with HTTP, TCP, UDP, and reset requests
  • color-style-utils — Unobfuscated infostealer harvesting IP addresses, geolocation data, and cryptocurrency wallets, exfiltrating to edcf8b03c84634[.]lhr[.]life

Anyone who installed any version of these packages should act immediately:

  • Uninstall all four malicious packages without delay
  • Delete any related malicious configurations from IDEs and coding agents, including Claude Code
  • Rotate all credentials and keys on affected machines
  • Search GitHub repositories for the string “A Mini Sha1-Hulud has Appeared” as a potential indicator of compromise
  • Block network access to all C2 domains and IPs listed below

Indicators of Compromise (IOCs)

Indicator                     Type
87e0bbc636999b[.]lhr[.]life   C2 Domain
80[.]200[.]28[.]28:2222       C2 IP:Port
b94b6bcfa27554[.]lhr[.]life   C2 Domain
edcf8b03c84634[.]lhr[.]life   C2 Domain
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
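One way to carry out the package check and the IOC handling described above, as an added example that is not part of the article or of OX Security's tooling: it scans a package-lock.json for the four package names exactly as listed above (every version counts as a hit) and re-fangs the published indicators for loading into a controlled blocklist. The lockfile content is constructed for illustration.

```python
import json

# Package names as given in the article's list; all versions are treated as malicious.
MALICIOUS_PACKAGES = {
    "chalk-tempalte",
    "@deadcode09284814/axios-util",
    "axois-utils",
    "color-style-utils",
}

# Indicators exactly as published in the article (defanged with "[.]").
DEFANGED_IOCS = [
    "87e0bbc636999b[.]lhr[.]life",
    "80[.]200[.]28[.]28:2222",
    "b94b6bcfa27554[.]lhr[.]life",
    "edcf8b03c84634[.]lhr[.]life",
]

# Constructed lockfileVersion 3 sample with one direct and one transitive hit; not from a real project.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/axios": {"version": "1.7.2"},
        "node_modules/axois-utils": {"version": "0.0.3"},
        "node_modules/some-lib/node_modules/@deadcode09284814/axios-util": {"version": "1.0.1"},
    },
})

def find_malicious(lockfile_text: str) -> list[tuple[str, str]]:
    """Sorted (name, version) hits; v2/v3 lockfiles key "packages" by install path, v1 keys "dependencies" by name."""
    lock = json.loads(lockfile_text)
    hits = set()
    for path, meta in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]  # strip the install-path prefix, keeps "@scope/name"
        if name in MALICIOUS_PACKAGES:
            hits.add((name, meta.get("version", "unknown")))
    for name, meta in lock.get("dependencies", {}).items():
        if name in MALICIOUS_PACKAGES:
            hits.add((name, meta.get("version", "unknown")))
    return sorted(hits)

def refang(indicator: str) -> str:
    """Restore "[.]" to "." only when loading the value into a SIEM or firewall blocklist."""
    return indicator.replace("[.]", ".")

if __name__ == "__main__":
    for name, version in find_malicious(SAMPLE_LOCK):
        print(f"REMOVE {name}@{version}; rotate every credential on this host")
    print("block:", ", ".join(refang(i) for i in DEFANGED_IOCS))
```

Point the script at a real package-lock.json with `find_malicious(open("package-lock.json").read())`; a non-empty result means the remediation steps above apply to that machine.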

This campaign signals a dangerous new trend: the democratization of sophisticated malware. With Shai-Hulud now publicly available, the barrier to launching capable supply chain attacks has dropped dramatically.

OX Security warns this is likely just the first wave, as vibe-coded malware proliferates across npm, with each variant harvesting different data types for various criminal purposes, from credential theft and crypto-draining to full botnet recruitment, all from a single npm account.
