Cyber Web Spider Blog – News

Four NPM Packages Found with Malware and DDoS Bot

Posted on May 18, 2026 By CWS

Cybersecurity experts have identified four npm packages harboring information-stealing malware, one of which is a replica of the Shai-Hulud worm that TeamPCP previously made open source. The packages in question are ‘chalk-tempalte’, ‘@deadcode09284814/axios-util’, ‘axois-utils’, and ‘color-style-utils’.

Details of the Malicious Packages

The ‘chalk-tempalte’ package is noted for containing a near-identical copy of the Shai-Hulud source code. This code was leaked in a recent supply chain attack contest discussed on BreachForums. Although all four packages were released by the same npm user, ‘deadcode09284814’, each carries a different malicious payload.

One package, ‘axois-utils’, is engineered to deploy a Golang-based botnet named Phantom Bot. This botnet can execute distributed denial-of-service (DDoS) attacks and persists on both Windows and Linux systems by embedding itself in startup processes.

Functionality of the Malicious Code

Analysis reveals that, apart from ‘chalk-tempalte’, the other three packages drop stealer payloads on compromised systems. ‘chalk-tempalte’ specifically replicates the Shai-Hulud worm, complete with its own command-and-control server and private key.

Data stolen by this malware is sent to a remote server, and credentials are further exported to a GitHub repository described as ‘A Mini Sha1-Hulud has Appeared’. The other packages, ‘@deadcode09284814/axios-util’ and ‘color-style-utils’, focus on extracting SSH keys, environment variables, and other sensitive information.

Implications and Recommendations

OX Security warns that the release of Shai-Hulud as open source has motivated threat actors to pursue supply chain and typo-squatting attacks. This instance is likely the beginning of a broader wave of supply chain attacks.

Users who have downloaded these packages are advised to uninstall them promptly, remove malicious configurations, rotate secrets, and inspect for suspicious GitHub repositories. Network access to identified harmful domains should also be blocked to prevent further compromise.
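To find out whether a project ever resolved one of the four packages, including as a nested or aliased dependency, the lockfile can be checked directly. The following is an added example, not code from the article or from OX Security; it assumes a parsed package-lock.json object, and the sample lockfile, its version strings and the 'http-kit' package name are constructed for illustration.

```javascript
// Package names reported in the article above.
const FLAGGED = new Set(['chalk-tempalte', '@deadcode09284814/axios-util',
  'axois-utils', 'color-style-utils']);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromLockPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? path : path.slice(i + 'node_modules/'.length);
}

// Return every flagged entry in a parsed package-lock.json (lockfileVersion 1, 2 or 3).
function findFlaggedPackages(lock) {
  const hits = [];
  const record = (name, version, where) => {
    if (FLAGGED.has(name)) hits.push({ name, version: version || null, where });
  };
  if (lock.packages) {
    // v2/v3: flat map keyed by install path; "" is the project itself.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === '') continue;
      // An aliased install keeps the real package name in meta.name when present.
      record(meta.name || nameFromLockPath(path), meta.version, path);
    }
  } else {
    // v1: nested "dependencies" tree keyed by package name.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        record(name, meta.version, trail + name);
        walk(meta.dependencies, trail + name + ' > ');
      }
    };
    walk(lock.dependencies, '');
  }
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chalk': { version: '0.0.0-sample' },
    'node_modules/axois-utils': { version: '0.0.0-sample' },
    'node_modules/http-kit/node_modules/@deadcode09284814/axios-util': { version: '0.0.0-sample' },
    'node_modules/colors': { name: 'color-style-utils', version: '0.0.0-sample' },
  },
};

console.log(findFlaggedPackages(SAMPLE_LOCK));
```

On a real project, pass the result of JSON.parse on the contents of package-lock.json; a hit means the package was resolved at install time, so the secret rotation and cleanup steps above apply even if the dependency has since been removed from package.json.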

As cyber threats evolve, safeguarding digital assets against such sophisticated attacks is crucial. Staying informed and proactive in security measures can mitigate potential risks.

Category: The Hacker News
Tags: Botnet, Cybersecurity, DDoS, GitHub, Infostealers, Malware, NPM, Shai-Hulud, supply chain attack, typo-squatting
