Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
TL;DR Four npm packages published under the username deadcode09284814 distribute information-stealing malware and a DDoS botnet. One package clones the recently open-sourced Shai-Hulud worm; another delivers Phantom Bot, a Golang-based DDoS tool with persistence capabilities. At publication, all four packages remained available on npm. Developers should uninstall them immediately and rotate credentials.
What happened
Cybersecurity researchers identified four malicious npm packages containing information-stealing malware and a DDoS botnet. All four were published by the same npm user, deadcode09284814, but carry different payloads:
- chalk-tempalte (825 downloads): Contains a direct clone of the Shai-Hulud worm source code that TeamPCP leaked. The actor uploaded the code with minimal modification, bundling it with its own command-and-control (C2) server and private key. Stolen credentials are exfiltrated to C2 server 87e0bbc636999b.lhr.life, and data is exported to new GitHub public repositories using stolen GitHub tokens. Repositories created by the malware bear the description "A Mini Sha1-Hulud has Appeared."
- axois-utils (963 downloads): Delivers Phantom Bot, a Golang-based DDoS botnet capable of flooding targets using HTTP, TCP, and UDP protocols. The malware establishes persistence on both Windows machines (via the Startup folder) and Linux machines (via scheduled tasks).
- @deadcode09284814/axios-util (284 downloads): Steals SSH keys, environment variables, cloud credentials, system information, IP address, and cryptocurrency wallet data, sending exfiltrated data to 80.200.28.28:2222.
- color-style-utils (934 downloads): Steals the same categories of data as @deadcode09284814/axios-util but sends it to edcf8b03c84634.lhr.life.
According to OX Security's Moshe Siman Tov Bustan, the chalk-tempalte package appears to have been inspired by a supply chain attack competition posted on BreachForums shortly after TeamPCP released the Shai-Hulud source code. As of publication, all four packages remained available for download from npm.
Why it matters
The packages represent a multi-stage supply chain attack targeting developers. The variety of payloads—from credential theft to DDoS botnet distribution—suggests the threat actor is experimenting with different attack vectors from a single npm account. Developers who installed these packages have likely exposed SSH keys, cloud credentials, GitHub tokens, and other sensitive materials. Those running axois-utils may have had their systems enrolled in a DDoS botnet without detection.
The use of the open-sourced Shai-Hulud worm demonstrates how publicly released malware code reduces the barrier to entry for supply chain attacks. OX Security warned that "threat actors are getting even more motivated to conduct supply chain and typo-squatting, as attacks become easier to perform with the Shai-Hulud code becoming open source."
Affected systems and CVEs
- npm package: chalk-tempalte
- npm package: @deadcode09284814/axios-util
- npm package: axois-utils
- npm package: color-style-utils
- Malware: Shai-Hulud (open-source clone)
- Malware: Phantom Bot (DDoS botnet)
No CVE assigned at the time of publication.
What to do
- Uninstall the four malicious packages immediately.
- Rotate SSH keys, cloud credentials, GitHub tokens, and any other secrets that may have been compromised.
- Search your development environment and any integrated development environments (IDEs) or code generation tools (such as Claude Code) for malicious configuration files and remove them.
- Search your GitHub account for any public repositories matching the description "A Mini Sha1-Hulud has Appeared" and delete them.
- Block outbound network access to the following domains and IP addresses: 87e0bbc636999b.lhr.life, 80.200.28.28:2222, and edcf8b03c84634.lhr.life.
- If your systems downloaded axois-utils, perform network monitoring to detect any outbound DDoS traffic initiated by Phantom Bot.
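The triage steps above can be scripted. The following Python helpers are an added example written for this summary, not code from the source report or from OX Security: one scans a package-lock.json (lockfileVersion 1, 2 or 3, so transitive installs are caught) for the four package names, one flags outbound connections to the C2 hosts and socket listed above, and one filters a list of repository objects for the "A Mini Sha1-Hulud has Appeared" marker. The lockfile, the firewall-style log lines in a `dst=<host> dport=<port>` format, and the repository list are all constructed sample data; the log format and the repository dict shape (mirroring GitHub REST API fields `full_name`, `description`, `private`) are assumptions to adapt to your own exports.

```python
"""Triage helpers for the four malicious npm packages described above (added example)."""
import json
import re

# Package names taken from the report; all four were published by npm user deadcode09284814.
MALICIOUS_PACKAGES = {
    "chalk-tempalte",
    "axois-utils",
    "@deadcode09284814/axios-util",
    "color-style-utils",
}

# Network indicators taken from the report (C2 / exfiltration endpoints).
IOC_HOSTS = {"87e0bbc636999b.lhr.life", "edcf8b03c84634.lhr.life"}
IOC_SOCKETS = {("80.200.28.28", 2222)}

# Description the Shai-Hulud clone writes to the GitHub repositories it creates.
SHAI_HULUD_REPO_DESCRIPTION = "A Mini Sha1-Hulud has Appeared"


def _walk_v1_dependencies(deps, path, hits):
    """Recurse through a lockfileVersion 1 nested 'dependencies' tree."""
    for name, meta in deps.items():
        full_path = path + [name]
        if name in MALICIOUS_PACKAGES:
            hits.append((name, meta.get("version", "?"), " > ".join(full_path)))
        _walk_v1_dependencies(meta.get("dependencies", {}), full_path, hits)


def find_malicious_packages(lockfile_text):
    """Return sorted (name, version, location) tuples for every malicious package found.

    lockfileVersion 2/3 files carry a flat 'packages' map keyed by install path
    ('node_modules/<name>', nested for hoisting conflicts); version 1 files nest
    'dependencies'. Checking the lockfile rather than package.json catches
    transitive installs, which is how typosquats usually arrive.
    """
    lock = json.loads(lockfile_text)
    hits = []
    if "packages" in lock:
        for install_path, meta in lock["packages"].items():
            if not install_path:
                continue  # "" is the root project entry, not a dependency
            name = install_path.split("node_modules/")[-1]  # keeps the @scope/ prefix
            if name in MALICIOUS_PACKAGES:
                hits.append((name, meta.get("version", "?"), install_path))
    else:
        _walk_v1_dependencies(lock.get("dependencies", {}), [], hits)
    return sorted(hits)


def flag_ioc_connections(log_lines):
    """Return the log lines whose destination matches a known C2 host or socket.

    Assumed input: one connection per line containing 'dst=<host> dport=<port>'.
    The lhr.life hosts are flagged on any port; the IP is flagged only on 2222,
    as the report gives it as host:port.
    """
    pattern = re.compile(r"dst=(?P<dst>[\w.\-]+)\s+dport=(?P<port>\d+)")
    flagged = []
    for line in log_lines:
        match = pattern.search(line)
        if not match:
            continue
        dst, port = match.group("dst"), int(match.group("port"))
        if dst in IOC_HOSTS or (dst, port) in IOC_SOCKETS:
            flagged.append(line.strip())
    return flagged


def find_shai_hulud_repos(repos):
    """Return full names of public repos whose description carries the worm's marker.

    `repos` is assumed to be a list of dicts shaped like GitHub REST API repository
    objects; only 'full_name', 'description' and 'private' are used.
    """
    marker = SHAI_HULUD_REPO_DESCRIPTION.lower()
    return [
        repo["full_name"]
        for repo in repos
        if marker in (repo.get("description") or "").lower()
        and not repo.get("private", False)
    ]


# Constructed sample lockfile (lockfileVersion 3) with one direct and one transitive hit.
SAMPLE_LOCKFILE = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"chalk-tempalte": "^1.0.0"}},
        "node_modules/chalk-tempalte": {"version": "1.0.0"},
        "node_modules/chalk": {"version": "5.3.0"},
        "node_modules/some-lib": {"version": "2.1.0"},
        "node_modules/some-lib/node_modules/@deadcode09284814/axios-util": {"version": "0.1.0"},
    },
})

# Constructed sample firewall export; the second line hits the IP but on a non-IoC port.
SAMPLE_LOG = [
    "src=10.0.0.5 dst=registry.npmjs.org dport=443 action=allow",
    "src=10.0.0.5 dst=80.200.28.28 dport=2222 action=allow",
    "src=10.0.0.5 dst=80.200.28.28 dport=443 action=allow",
    "src=10.0.0.5 dst=87e0bbc636999b.lhr.life dport=443 action=allow",
]

# Constructed sample in the shape of a GitHub /user/repos response.
SAMPLE_REPOS = [
    {"full_name": "dev/website", "description": "Company site", "private": False},
    {"full_name": "dev/z9k2", "description": "A Mini Sha1-Hulud has Appeared", "private": False},
]

if __name__ == "__main__":
    print("malicious packages:", find_malicious_packages(SAMPLE_LOCKFILE))
    print("C2 connections:", flag_ioc_connections(SAMPLE_LOG))
    print("worm-created repos:", find_shai_hulud_repos(SAMPLE_REPOS))
```

Run it against a real `package-lock.json` by reading the file into `find_malicious_packages`; any hit means the machine that ran `npm install` should be treated as compromised and the credential rotation step applied, regardless of whether the package was a direct dependency.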
Open questions
- The source does not state when these four packages were first published to npm.
- The total number of unique machines compromised remains unknown.
- The association between the npm user deadcode09284814 and any known threat actor group is not confirmed.
- The full scope of the supply chain attack competition referenced on BreachForums is not detailed.
- Whether other packages from deadcode09284814 contain malicious payloads has not been disclosed.
Source
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware