Executive Summary

A highly sophisticated supply chain attack, designated as PhantomRaven, has been uncovered within the npm ecosystem, representing a significant escalation in the threat landscape for software development organizations and open-source contributors. This campaign involves at least 126 malicious npm packages that have been collectively downloaded over 86,000 times. The primary objective of PhantomRaven is the exfiltration of GitHub tokens, CI/CD secrets, and other sensitive authentication credentials from developer environments. The attackers employ advanced evasion tactics, such as remote dynamic dependencies and AI-generated slopsquatting package names, to bypass conventional security controls and static analysis tools. The campaign’s scale, technical sophistication, and focus on developer supply chains underscore the urgent need for enhanced vigilance and proactive mitigation across the software development lifecycle.

Threat Actor Profile

The PhantomRaven campaign has not been attributed to any known Advanced Persistent Threat (APT) group as of this report. However, the operational sophistication, including the use of remote dynamic dependencies and lifecycle script abuse, is consistent with tactics observed in recent high-profile supply chain attacks. The threat actors demonstrate a deep understanding of the npm ecosystem, leveraging both technical and social engineering vectors. The use of AI-generated, plausible package names (slopsquatting) increases the likelihood of accidental installation by developers, while the dynamic serving of payloads from attacker-controlled infrastructure allows for rapid adaptation and evasion. The campaign’s infrastructure includes a series of attacker-registered domains and a pattern of sequential email addresses across multiple free providers, indicating a methodical and scalable approach to campaign management.

Technical Analysis of Malware/TTPs

PhantomRaven leverages a multi-stage infection chain that exploits the npm package installation process. The initial infection occurs when a developer installs a seemingly legitimate npm package. The malicious package’s manifest file references a dependency hosted on an attacker-controlled server, such as packages.storeartifact.com, rather than the official npm registry. This technique, known as Remote Dynamic Dependency (RDD), enables the attacker to serve either benign or malicious code at will, evading static analysis and traditional dependency scanning.

Upon installation, the package executes a preinstall lifecycle script, which fetches and executes a remote payload. This payload performs extensive environment reconnaissance, harvesting email addresses, CI/CD environment variables, and system fingerprints, including public IP addresses. The malware then searches for and extracts GitHub tokens, npm tokens, and other authentication secrets present in the environment. Exfiltration is conducted via HTTP POST or WebSocket connections to attacker-controlled endpoints, such as the jpd.php script on packages.storeartifact.com.

The campaign’s technical sophistication is further evidenced by its use of AI-generated package names that closely mimic popular or plausible npm modules, a technique known as slopsquatting. This increases the probability of accidental installation, particularly in environments with automated or bulk dependency management. The attacker’s infrastructure is robust, utilizing multiple domains and a series of sequential email addresses (e.g., jpdtester01@hotmail.com, jpdtester02@outlook.com, etc.) to register and manage malicious packages.

MITRE ATT&CK techniques observed in this campaign include T1195.002 (Supply Chain Compromise: Compromise Software Dependencies and Development Tools), T1552 (Unsecured Credentials), T1059 (Command and Scripting Interpreter), and T1041 (Exfiltration Over C2 Channel).

Exploitation in the Wild

The PhantomRaven campaign was first observed in August 2025 and remains active as of October 2025. The malicious packages have been downloaded over 86,000 times, indicating widespread exposure across the global developer community. Exploitation occurs primarily through the installation of compromised npm packages, either manually by developers or automatically via CI/CD pipelines and dependency management tools. The attackers’ use of remote dynamic dependencies allows them to selectively serve malicious payloads, potentially targeting specific organizations or environments. The campaign has resulted in the active theft of developer credentials, with observed exfiltration of GitHub tokens, npm tokens, and other sensitive secrets. The impact is amplified in organizations with automated build and deployment processes, where compromised credentials can lead to further lateral movement, codebase tampering, and supply chain propagation.

Victimology and Targeting

The PhantomRaven campaign targets a broad spectrum of victims, including individual developers, open-source contributors, and organizations that rely on the npm ecosystem for software development. The primary sectors affected are software development, DevOps, CI/CD environments, and any entity utilizing automated dependency installation. The campaign is global in scope, with no evidence of country-specific targeting. The use of slopsquatting and AI-generated package names increases the risk for organizations with less stringent dependency vetting processes. Victims are typically those who install npm packages without thorough scrutiny, particularly in environments where dependencies are managed automatically or in bulk. The theft of GitHub tokens and CI/CD secrets poses a significant risk of downstream compromise, including unauthorized code changes, data exfiltration, and further supply chain attacks.

Mitigation and Countermeasures

Immediate action is required to mitigate the risks posed by the PhantomRaven campaign. Organizations should conduct a comprehensive audit of all npm dependencies, scrutinizing package manifests for references to external domains and unexpected lifecycle scripts, particularly preinstall and postinstall hooks. Any package referencing packages.storeartifact.com or similar attacker-controlled domains should be considered compromised and removed. Network security teams should block outbound connections to packages.storeartifact.com and any other identified malicious domains at the firewall or proxy level.

All GitHub tokens, npm tokens, and other secrets present in potentially affected environments must be revoked and rotated without delay. Continuous monitoring for unauthorized access to repositories, CI/CD pipelines, and credential usage is essential. Security teams should implement automated detection for unexpected lifecycle scripts and outbound connections to non-npmjs domains during package installation. Developers should be educated on the risks of slopsquatting and the importance of verifying package authenticity, especially when adding new dependencies.

Organizations are strongly encouraged to leverage advanced third-party risk management (TPRM) platforms to continuously monitor and assess the security posture of their software supply chain. Proactive engagement with threat intelligence feeds and security advisories will further enhance resilience against evolving supply chain threats.

References

The following sources provide additional technical details and ongoing updates regarding the PhantomRaven campaign:

The Hacker News: PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs https://thehackernews.com/2025/10/phantomraven-malware-found-in-126-npm.html

Koi Security Blog: PhantomRaven NPM Malware Hidden in Invisible Dependencies https://www.koi.ai/blog/phantomraven-npm-malware-hidden-in-invisible-dependencies

BleepingComputer: PhantomRaven attack floods npm with credential-stealing packages https://www.bleepingcomputer.com/news/security/phantomraven-attack-floods-npm-with-credential-stealing-packages/

The Register: npm hit by PhantomRaven supply chain attack https://www.theregister.com/2025/10/30/phantomraven_npm_malware/

MITRE ATT&CK: T1195.002, T1552, T1041, T1059 https://attack.mitre.org/

DCODX Security Advisory https://www.dcodx.com/advisories/phantomraven-npm

NVD: No CVE assigned as of this report; monitor for updates https://nvd.nist.gov

About Rescana

Rescana is a leader in third-party risk management, providing organizations with a comprehensive platform to continuously monitor, assess, and mitigate risks across their software supply chain. Our advanced TPRM solutions empower security teams to identify emerging threats, enforce best practices, and maintain resilience in the face of evolving cyber risks. For more information about how Rescana can help safeguard your organization, we are happy to answer questions at ops@rescana.com.