Hackers Use 60 Malicious NPM Packages to Map Developer Networks
Cybercriminals are abusing NPM to steal system data from developers; the packages have been downloaded over 3,000 times and pose a supply chain attack risk.
By Content Team
Security firm Socket discovered an active campaign targeting developers through 60 malicious NPM packages that steal system data when installed. Over two weeks, threat actors published packages containing scripts that collect hostnames, IP addresses, DNS servers, and directory paths, sending everything to a Discord webhook.
The packages have been downloaded over 3,000 times across Windows, Linux, and macOS systems. Three NPM accounts published 20 packages each, all containing identical fingerprinting code designed to evade detection.
Socket warns this data helps attackers map internal developer networks to public infrastructure, enabling future supply chain attacks and targeted intrusions.
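As an added illustration (not code from Socket or from the packages themselves), the sketch below audits a package for the behaviour described above, assuming the collection runs from an npm lifecycle hook (`preinstall`, `install` or `postinstall`). The indicator patterns, the `auditPackage` helper and the sample packages are constructed for this example.

```javascript
// Lifecycle hooks that npm runs automatically during `npm install`.
const HOOKS = ['preinstall', 'install', 'postinstall'];
// Heuristic indicators (assumed patterns, not IoCs taken from the campaign).
const INDICATORS = {
  'discord-webhook': /discord(?:app)?\.com\/api\/webhooks\//i,
  'hostname': /\bhostname\s*\(/,
  'network-interfaces': /\bnetworkInterfaces\s*\(/,
  'dns-servers': /\bgetServers\s*\(/,
};

// manifest: parsed package.json. readFile(relPath): file text, or null if absent.
function auditPackage(manifest, readFile) {
  const findings = [];
  for (const hook of HOOKS) {
    const cmd = manifest.scripts && manifest.scripts[hook];
    if (typeof cmd !== 'string') continue;
    // Inspect the hook command itself plus every JS file it names.
    const sources = [cmd];
    for (const m of cmd.matchAll(/[\w./-]+\.[cm]?js\b/g)) {
      const text = readFile(m[0]);
      if (text) sources.push(text);
    }
    const hits = Object.keys(INDICATORS).filter((name) =>
      sources.some((src) => INDICATORS[name].test(src)));
    findings.push({
      name: manifest.name, hook, cmd, hits,
      // Host-data collection combined with a webhook sink is the high-signal case.
      suspicious: hits.includes('discord-webhook') && hits.length > 1,
    });
  }
  return findings;
}

// Constructed sample packages (names and contents are invented for this example).
const SAMPLE_BAD = {
  manifest: { name: 'example-bad-pkg', scripts: { postinstall: 'node ./scripts/setup.js' } },
  files: { './scripts/setup.js': [
    "const info = [os.hostname(), os.networkInterfaces(), dns.getServers()];",
    "const sink = 'https://discord.com/api/webhooks/PLACEHOLDER_ID/PLACEHOLDER_TOKEN';",
  ].join('\n') },
};
const SAMPLE_OK = {
  manifest: { name: 'example-native-pkg', scripts: { install: 'node-gyp rebuild', test: 'node test.js' } },
  files: {},
};
// Runs the audit against an in-memory sample instead of the filesystem.
const auditSample = (s) => auditPackage(s.manifest, (p) => s.files[p] || null);
```

To scan a real project, pass a `readFile` callback that reads paths relative to each package directory under `node_modules`. Any install hook in the output is worth a look, and a `suspicious` result warrants manual review of the script it points to.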
Source: Security Week