npm packages leak data

Sixty malicious NPM packages identified in May 2025 systematically harvested sensitive data from developers’ systems and transmitted it to attacker-controlled Discord webhooks. Socket’s Threat Research team uncovered the packages, which accumulated more than 3,000 downloads despite having been reported to the registry maintainers.

The malicious packages ran post-install scripts automatically during ‘npm install’, collecting detailed system information including hostnames, internal IP addresses, user home directories, current working directories, and DNS server configurations. This collection happened without users’ knowledge or consent, abusing the trust placed in the package installation process. The growing integration of IoT devices and AI systems has expanded the potential attack surface for such malicious packages.

Attackers employed deliberate targeting strategies, using typosquatting to trick developers into installing the malicious packages. Some packages mimicked legitimate libraries such as ‘flipper-plugins’ and ‘react-xterm2’, while others carried generic, trust-evoking names designed to appear legitimate. Some specifically targeted CI/CD pipelines by advertising testing functionality, showing the attackers’ understanding of development workflows.

Cybercriminals leveraged typosquatting and deceptive naming conventions to infiltrate developer systems through seemingly legitimate package installations.

The stolen data was transmitted to Discord webhooks, giving threat actors extensive system intelligence and access credentials. Discord tokens act as authorization credentials: obtaining a victim’s token grants an attacker full access to their Discord account and private communications. With Discord’s user base exceeding 350 million registered accounts, these credentials are of significant value to cybercriminals. The malware also targeted browser data storage by retrieving the LevelDB databases in which sensitive user information is stored.

The packages incorporated anti-detection mechanisms, including hostname checks for cloud providers and reverse DNS lookups to identify security research environments. The absence of second-stage payloads and persistence mechanisms made detection harder, though it simplified remediation once the packages were identified. The attackers used malware templates to streamline the creation of custom malware, putting such attacks within reach of novice operators.

This campaign follows previous incidents, including JFrog researchers’ discovery of 17 malicious NPM packages in 2021 and Sonatype’s identification of data-stealing packages in 2020. The NPM registry eventually removed the reported packages after notification, and Socket published a complete list of all 60 malicious packages in its security report.

Organizations using affected packages should remove them immediately and conduct thorough system scans to assess potential compromise. The early detection prevented widespread distribution that could have resulted in tens of thousands of downloads.
