Hackers Poison 18 Popular NPM Packages with 2.5 Billion Weekly Downloads

Hackers hijack 18 NPM packages using phishing, targeting crypto wallets. NPM swiftly removes threats, minimizing damage.

By Content Team

Sep 10, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals successfully hijacked 18 widely-used NPM packages after tricking maintainer Josh Junon with a phishing email that appeared to come from NPM support. The fake message directed him to update his two-factor authentication on a lookalike website.

The compromised packages, including popular tools like chalk and debug, collectively see over 2.5 billion weekly downloads. Attackers injected malicious code designed to steal cryptocurrency by intercepting transactions and replacing wallet addresses with their own.

NPM removed the poisoned packages within two hours of the attack being reported. Security firm Wiz estimates the malicious code reached 10% of cloud environments during that brief window, though actual financial damage appears minimal since the attack targeted test addresses rather than real wallets.

Source: Security Week

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

CISA Warns Federal Agencies of Actively Exploited Zimbra Email Vulnerability

Jan 25, 2026

AI-Powered Scams Set to Overtake Ransomware as Top Cyber Threat in 2026

Jan 23, 2026

Hightower Financial Services Hit by Data Breach Affecting 131,000 People

Mar 27, 2026

Iranian Hackers Used Stolen Credentials to Breach Medical Giant Stryker

Mar 18, 2026