PhantomRaven: Hidden NPM Malware Exploits Remote Dynamic Dependencies
Category: Threat Alerts / Supply Chain
Koi Security discovered the PhantomRaven campaign, which compromised 86,000+ npm downloads via Remote Dynamic Dependencies (RDD), an obscure npm feature that allows HTTP URLs as package dependencies. What's clever: the malicious code lives on attacker-controlled servers, not in the reviewed package itself, so it bypasses security scanners that don't follow HTTP URLs. The packages appear clean (just 'Hello, world!' scripts with no visible dependencies), but the invisible HTTP reference fetches malicious code during npm install. What's nasty: preinstall hooks execute automatically, and the malware harvests .gitconfig emails, CI/CD credentials (GitHub Actions, GitLab CI, Jenkins, CircleCI), npm tokens, and system fingerprints, then exfiltrates them via HTTP GET/POST and WebSockets. The campaign also pioneered 'slopsquatting': registering plausible package names that AI assistants like Copilot hallucinate (eslint-comments, unused-imports, Transform-react-remove-prop-types).
CORTEX Protocol Intelligence Assessment
This attack demonstrates a fundamental weakness in npm's dependency model: it allows dynamic code fetching from untrusted HTTP sources, which evades traditional supply chain security scans. The slopsquatting technique exploits AI-assisted development, turning tools meant to accelerate coding into vectors for compromise. The multi-month persistence (July-October) shows detection failures across the ecosystem.
Strategic Intelligence Guidance
- Immediate action: audit dependencies for HTTP URLs in package.json, and block or scrutinize any external fetch during installation.
- Implement dependency pinning: use exact versions, verify integrity hashes, and consider using private npm registries with manual package approval.
- Restrict build environment egress: prevent npm install from fetching arbitrary URLs, and allowlist necessary registries only.
- Monitor CI/CD for credential theft: look for unauthorized token usage, especially GitHub Actions GITHUB_TOKEN, GitLab CI_JOB_TOKEN, and npm publishing tokens.
- AI coding assistants: verify suggested package names against the npm registry before installation; don't blindly trust AI-recommended dependencies.
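One way to carry out the package.json audit and integrity checks from the guidance above, as an added example that is not code from Koi Security or npm. The function names, the allowlist contents, and the sample package and lockfile data are constructed assumptions; it reads npm metadata statically and never installs anything.

```javascript
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Assumption: only the public registry is approved; add a private registry host if used.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]);

// Flag dependency specs that are plain HTTP(S) URLs, and scripts npm runs during install.
function auditManifest(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      if (/^https?:\/\//i.test(String(spec).trim())) {
        findings.push({ kind: "url-dependency", where: field, name, detail: spec });
      }
    }
  }
  for (const hook of INSTALL_HOOKS) {
    const cmd = (pkg.scripts || {})[hook];
    if (cmd) findings.push({ kind: "install-hook", where: "scripts", name: hook, detail: cmd });
  }
  return findings;
}

// Flag lockfile (v2/v3 "packages" map) entries fetched off-allowlist or lacking an integrity hash.
function auditLockfile(lock, allowed = ALLOWED_HOSTS) {
  const findings = [];
  for (const [name, entry] of Object.entries(lock.packages || {})) {
    if (!entry.resolved) continue; // root project entry has no "resolved"
    let url;
    try { url = new URL(entry.resolved); } catch { continue; } // relative workspace path
    if (url.protocol !== "https:" || !allowed.has(url.hostname)) {
      findings.push({ kind: "non-registry-source", where: "packages", name, detail: entry.resolved });
    } else if (!entry.integrity) {
      findings.push({ kind: "missing-integrity", where: "packages", name, detail: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample input: a package that looks empty apart from one URL dependency.
const samplePkg = {
  name: "demo-clean-looking-package", version: "1.0.0",
  scripts: { preinstall: "node index.js", test: "node test.js" },
  dependencies: { "left-helper": "^1.2.0", "ui-styles-pkg": "http://packages.example.invalid/npm/ui-styles-pkg" },
};
const sampleLock = { packages: {
  "": { name: "demo-clean-looking-package" },
  "node_modules/left-helper": { resolved: "https://registry.npmjs.org/left-helper/-/left-helper-1.2.0.tgz", integrity: "sha512-CONSTRUCTED" },
  "node_modules/ui-styles-pkg": { resolved: "http://packages.example.invalid/npm/ui-styles-pkg" },
} };
console.log(JSON.stringify([...auditManifest(samplePkg), ...auditLockfile(sampleLock)], null, 2));
```

In CI, pass the parsed contents of the real package.json and package-lock.json to the two functions and fail the job when either returns findings.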
Intelligence Source: PhantomRaven: Hidden npm Malware Hits Developers | Oct 31, 2025