Copycat hits another npm package

A Shai-Hulud copycat worm has infected the npm package chalk-tempalte, appearing just five days after the original worm was open-sourced by its creators. The same threat actor also published three additional malicious npm packages containing infostealer code: @deadcode09284814/axios-util, axois-utils, and color-style-utils. These packages collectively received 2,678 weekly downloads and contain various malicious capabilities including credential theft, cryptocurrency wallet exfiltration, cloud configuration harvesting, and DDoS botnet functionality. The malware exfiltrates stolen data to remote command-and-control servers and uploads credentials to GitHub repositories. Researchers indicate the attacker operates from a home computer or local server farm and appears financially motivated, targeting victims' cryptocurrency assets while potentially offering DDoS-as-a-service capabilities.

Pulse ID: 6a0b921d3574a6ef2eca8d47
Pulse Link: https://otx.alienvault.com/pulse/6a0b921d3574a6ef2eca8d47
Pulse Author: AlienVault
Created: 2026-05-18 22:26:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CyberSecurity #DDoS #DoS #GitHub #InfoSec #InfoStealer #Malware #NPM #OTX #OpenThreatExchange #RAT #RCE #Worm #bot #botnet #cryptocurrency #iOS #AlienVault