
A significant vulnerability has been exploited by attackers in the NPM code repository, resulting in the distribution of more than 100 malicious packages since August. Security firm Koi revealed these alarming findings on Wednesday, highlighting a concerning NPM practice that allows installed packages to autonomously fetch and execute unverified packages from unreliable sources.

The campaign, tracked by Koi as PhantomRaven, has leveraged NPM's use of what are known as "Remote Dynamic Dependencies" (RDD). This tactic has led to the introduction of 126 harmful packages, which have collectively been downloaded over 86,000 times. As of Wednesday morning, Koi reported that around 80 of these malicious packages were still accessible.

Oren Yomtov from Koi commented on the sophistication of the attackers, noting that PhantomRaven highlights how adept they have become at exploiting gaps in conventional security measures. He emphasized that Remote Dynamic Dependencies are not detectable through static analysis, which poses a significant risk.

RDD allows for enhanced flexibility when accessing dependencies, the code libraries that other packages need in order to function. Typically, these dependencies are visible to the developer during installation and are downloaded from NPM's trusted infrastructure. However, RDD operates differently, permitting packages to retrieve dependencies from untrusted websites, including those using unencrypted HTTP.

The PhantomRaven attackers took advantage of this leniency by embedding code into the 126 packages they uploaded to NPM. This code fetches harmful dependencies from various URLs, such as http://packages.storeartifact.com/npm/unused-imports. Koi notes that these malicious dependencies remain "invisible" to developers and many security scanners, misleading them into believing the package has "0 Dependencies." Furthermore, an NPM feature causes these invisible downloads to be installed automatically, compounding the security issue.

Notably, the dependencies are downloaded fresh from the attacker's server each time a package is installed, rather than being cached or version-controlled, as Koi elaborated.
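The check a defender can run against a manifest before installing it, as an added example that is not code from the article or from Koi: it reads a `package.json` and flags every dependency specifier that npm would resolve from a URL, a git host or a GitHub shorthand instead of the registry, marking plain-HTTP tarballs separately. The sample manifest, the `example-app` name and the `github:someorg/some-tool` specifier are constructed; the `http://` URL is the one the article quotes.

```javascript
// Added example (not code from the article or from Koi): flag package.json
// specifiers that npm resolves outside the registry. Besides semver ranges,
// npm accepts tarball URLs (http:// or https://), git URLs (git://, git+ssh://,
// git+https://), hosted shorthands (github:, gitlab:, bitbucket:, gist:) and
// the bare "owner/repo" form. Each is a Remote Dynamic Dependency: fetched at
// install time from a host the registry does not control, and not reflected
// in the registry's dependency count.
const SECTIONS = ["dependencies", "devDependencies",
                  "optionalDependencies", "peerDependencies"];

function classifySpec(spec) {
  const s = String(spec).trim();
  if (/^https?:\/\//i.test(s)) return "tarball-url";
  if (/^(git|git\+[a-z]+):\/\//i.test(s)) return "git-url";
  if (/^(github|gitlab|bitbucket|gist):/i.test(s)) return "hosted-git";
  if (/^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) return "github-shorthand";
  return null; // registry name with a semver range, npm: alias, file:, etc.
}

function findRemoteDependencies(pkg) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      if (kind === null) continue;
      findings.push({
        section, name, spec, kind,
        // Plain http:// adds in-transit tampering to the untrusted-host risk.
        unencrypted: /^http:\/\//i.test(String(spec).trim()),
      });
    }
  }
  return findings;
}

// Constructed sample manifest. The first specifier is the URL the article
// quotes; the remaining entries are hypothetical and included for contrast.
const SAMPLE_PACKAGE_JSON = JSON.stringify({
  name: "example-app",
  version: "1.0.0",
  dependencies: {
    "unused-imports": "http://packages.storeartifact.com/npm/unused-imports",
    "lodash": "^4.17.21",
  },
  devDependencies: { "some-tool": "github:someorg/some-tool" },
});

for (const h of findRemoteDependencies(JSON.parse(SAMPLE_PACKAGE_JSON))) {
  console.log(`${h.section}/${h.name}: ${h.kind}` +
              `${h.unencrypted ? " over plain http" : ""} -> ${h.spec}`);
}
```

Run it against a real manifest by replacing `SAMPLE_PACKAGE_JSON` with the file contents; a lockfile can be scanned the same way, since its `resolved` fields carry the same URL forms.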