惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
博客园 - 叶小钗
AI
AI
T
Tor Project blog
Forbes - Security
Forbes - Security
W
WeLiveSecurity
博客园_首页
爱范儿
爱范儿
J
Java Code Geeks
B
Blog
G
GRAHAM CLULEY
aimingoo的专栏
aimingoo的专栏
Cloudbric
Cloudbric
C
CXSECURITY Database RSS Feed - CXSecurity.com
TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 热门话题
阮一峰的网络日志
阮一峰的网络日志
有赞技术团队
有赞技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
Google DeepMind News
Google DeepMind News
H
Help Net Security
博客园 - 三生石上(FineUI控件)
C
Cisco Blogs
C
Cybersecurity and Infrastructure Security Agency CISA
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 司徒正美
The Last Watchdog
The Last Watchdog
Blog — PlanetScale
Blog — PlanetScale
T
The Blog of Author Tim Ferriss
S
Secure Thoughts
Spread Privacy
Spread Privacy
F
Fortinet All Blogs
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
S
SegmentFault 最新的问题
H
Hackread – Cybersecurity News, Data Breaches, AI and More
A
About on SuperTechFans
Security Latest
Security Latest
Webroot Blog
Webroot Blog
Scott Helme
Scott Helme
Hugging Face - Blog
Hugging Face - Blog

2024 Sonatype Blog

Open Source, Open Infrastructure, and the Space Between Request for Comments: CARE and Maven Central Q2 2026 Open Source Malware Index AI Is Forcing a New Open Source Security Model Vulnerability Prioritization Is Missing the AI-Era Point The Hidden National Security Threat Inside AI-Driven Software Miasma Returns: Leo Platform Compromise in npm The Rise of Collective Defense for Open Source Signal Over Noise: Reachability Analysis Is the Reality Check SCA Has Been Missing Software Security Has to Start at Assembly easy-day-js Targets Mastra, Dependency Attacks Grow Open Publishing, Commercial Scale Software Dependency Cooldowns Are a Symptom, Not a Strategy Atomic Arch npm Campaign Adds Malicious Dependency From SBOMs to AI BOMs: Why SPDX 3.0 Matters Mythos Found 10,000 Vulnerabilities. The Bigger Challenge Is Fixing Them New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages Lazarus Group's Latest: Brandjacking Campaign on npm 5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook The AI Race Is Becoming a Remediation Race Red Hat Cloud Services npm Packages Hijacked Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies AI Is Making Software Autonomous, and Governance Must Follow Your Outdated Repository Still Works, But It May Not Be Safe Hijacked npm Package Attempts to Deliver PolinRider-Linked RAT AppSec Tools Explained: SAST vs SCA vs DAST | Sonatype Managing Open Source Software Risks With the HeroDevs EOL Dashboard Shai-Hulud is Back: Maintainer Accounts Are Still the Soft Target Building Trusted AI Development With Kiro and Sonatype Guide How to Build a Software Supply Chain Security Playbook The Evolution of Open Source Malware: From Volume to Trust Abuse The Mythos AI Vulnerability Storm: What to Do Next Malicious PyTorch Lightning Packages Found on PyPI Why Developer Experience Is the Foundation of DevSecOps Success Open is Not Costless: Reclaiming Sustainable Infrastructure Q1 Updates in Nexus Repository: More Formats, Stronger Operations, and a Better Day-to-Day Experience Self-Propagating npm Malware Turns Trusted Packages Into Attack Paths The Time Is Now to Prepare for CRA Enforcement Sonatype Innovate: Real Peer Connections, Real Product Influence, Real Recognition Mythos and the AI Vulnerability Storm: Exploring the Control Point When AI Writes Code, Who Governs the Dependencies? Why Software Supply Chain Security Requires a New Playbook Q1 2026 Open Source Malware Index: Adaptive Attacks Exploit Trust Modernizing Nexus Repository: Moving Beyond OrientDB AI, DevSecOps, and the Future of Application Security: The Gartner® Report How Sonatype's Container Scanning Protects You From Zero-Days Axios Compromise on npm Introduces Hidden Malicious Package Is Your Repository Ready for What's Next? Autonomous Development and AI: Speed vs. Security Grounded Intelligence Ensures Safe AI Software Development Compromised litellm PyPI Package Delivers Multi-Stage Credential Stealer Golden Pull Requests: Automating Trusted Remediation Without Breaking Builds
Sonatype Discovers Two Malicious npm Packages
research@sonatype.com (Sonatype Security Research Team) · 2026-03-19 · via 2024 Sonatype Blog

Sonatype Security Research has identified a potential compromise of a trusted npm maintainer account that has now published two malicious npm packages — sbx-mask and touch-adv — designed to exfiltrate secrets from victims' computers.

The evidence strongly suggests account takeover of a legitimate publisher, rather than intentional malicious activity. Sonatype did not observe any indication that these were test packages, though touch-adv has now been removed. Hijacked publisher accounts are particularly concerning as, over time, maintainers build trust with the users of their components. Attackers aim to take advantage of that trust in order to steal valuable, or profitable, information.

We reported the incident to npm on March 19, 2026, to GitHub's Security Incident Response Team (SIRT), which is responsible for handling security issues across npm and related services.

Sonatype is tracking these malicious npm packages under Sonatype-2026-001276 and Sonatype-2026-001275 and will continue to monitor for additional publications. The npm malware campaign is considered active and under investigation, and attribution remains unknown at this time.

npm Attackers Barter Trust for Secrets

The sbx-mask package was quickly determined to be malicious due to its clear exfiltration behavior. Further investigation revealed that multiple npm packages shared similar exfiltration patterns, but differed in how and when their payloads were executed:

Package Execution Payload Behavior Exfiltration Method
sbx-mask Runs automatically via postinstall script Collects environment variables and formats them into JSON Sends data via curl to a webhook.site endpoint
touch-adv Executes when application code is invoked (not on install) Reads TRACE_ID, collects and formats environment variables Sends data via POST request to email ethan@vm0.ai via agentmail

The sbx-mask package uses a postinstall script to immediately execute its payload upon installation, increasing the likelihood of rapid credential exposure.

In contrast, touch-adv does not automatically execute. Instead, it embeds malicious logic within the application code itself, requiring the package to be invoked before the payload runs.

This distinction is notable. Rather than relying solely on install-time execution, attackers are increasingly embedding malicious code deeper within npm packages to evade detection. By delaying execution until runtime, these techniques make the malware less obvious during standard dependency inspection.

How the Credential Theft Occurs

At a technical level, malicious npm packages embed their payload within application code, typically inside the index.js file. This code executes either during installation or when the package is imported into an application.

Once executed, the malicious script performs a series of actions designed to harvest and exfiltrate sensitive data, including:

  • Collecting environment variables from the host system.

  • Accessing sensitive credentials such as API keys, authentication tokens, and cloud service secrets.

  • Transmitting the collected data to attacker-controlled endpoints, including webhook services and hard-coded email addresses.

Because environment variables are widely used to manage secrets in development and production environments, this type of attack can lead to serious downstream compromise. Exposed credentials may enable attackers to access cloud infrastructure, manipulate CI/CD pipelines, or move laterally across systems within an organization.

What Makes This npm Malware Unique?

One of the most significant aspects of this npm malware campaign is, if malicious and not in fact a test, its reliance on trusted maintainer accounts. Rather than creating new packages or impersonating popular libraries, the attackers appear to have taken control of accounts with established credibility in the npm ecosystem. This dramatically increases the likelihood that developers will install affected packages without suspicion.

Additionally, the attackers employed multiple exfiltration techniques, including both webhook-based collection and direct email transmission. This dual approach increases the resilience of the campaign and suggests a level of planning beyond opportunistic attacks.

The timing of the package publications is also noteworthy. Multiple malicious versions appeared within a narrow window of time, indicating either automated exploitation or coordinated access to multiple accounts.

This npm malware campaign primarily targets developers and organizations that rely on npm packages as part of their SDLC. Any system that installs and executes npm packages may be at risk, especially those where sensitive credentials are exposed via environment variables.

High-risk targets include:

  • CI/CD pipelines and automated build systems.

  • Cloud-based deployment environments.

  • Local developer machines with access to credentials and tokens.

In these contexts, a single compromised package installation can expose secrets that grant attackers access to broader infrastructure, increasing the potential for downstream compromise across an organization.

The Indicators of Compromise (IOCs)

If you have downloaded sbx-mask or touch-adv, assume sensitive information may have been exposed and investigate immediately. Although touch-adv has been removed from npm, it may still exist in cached environments or internal registries.

Additional indicators include unexpected outbound network activity during package installation or execution, especially connections to webhook services or unusual email-based data transfers. Code-level indicators include scripts that access process.env and transmit its contents externally.

Known exfiltration endpoints observed in this npm malware campaign include webhook.site URLs and the email address ethan@vm0.ai.

What To Do If You're Impacted by the Malicious npm Packages

Act quickly. If either package has been ingested, remove it immediately and rotate all potentially exposed credentials without delay. This includes API keys, authentication tokens, and any secrets stored in environment variables.

It is also important to review system and CI/CD logs for unusual activity, particularly outbound network requests that could indicate data exfiltration. In addition, teams should verify that dependencies are correctly named, as attackers may attempt to exploit confusion or impersonation alongside account compromise.

More broadly, organizations should adopt practices that reduce reliance on long-lived credentials and limit the exposure of sensitive environment variables wherever possible.

How Sonatype Helps

As software supply chain attacks evolve, attackers increasingly target trusted maintainers, rather than rely on obvious fake packages, making detection significantly more difficult without automated tooling.

With Sonatype Guide, developers gain real-time intelligence to identify malicious or risky packages before they are introduced into their environments. This helps teams, and the AI agents that support them, autonomously manage dependencies and keep AI-assisted workflows secure.

Sonatype will continue to monitor this campaign and share updates as new intelligence emerges.

Tags