Malicious npm packages include Shai-Hulud clone and Phantom Bot

Four npm packages by user “deadcode09284814” contain info-stealers, a Shai-Hulud worm clone and a Go-based Phantom Bot loader, OX Security reported.

Researchers at OX Security reported that four npm packages published by the account “deadcode09284814” include multiple types of malware: credential stealers, a near-identical clone of the Shai-Hulud worm and a Golang-based loader for a DDoS botnet called Phantom Bot.

The flagged packages are chalk-tempalte (825 downloads), @deadcode09284814/axios-util (284 downloads), axois-utils (963 downloads) and color-style-utils (934 downloads). All four libraries were available on npm when the analysis was published.

The chalk-tempalte package contains an almost unchanged copy of the Shai-Hulud source code that was released publicly by TeamPCP shortly before the malicious uploads. OX Security reported that the package sends harvested credentials to a command-and-control host at 87e0bbc636999b.lhr[.]life and uses a stolen GitHub token to push data to a public repository described as “A Mini Sha1-Hulud has Appeared.” OX Security wrote: “The actor took the code, and almost without any change at all — uploaded a working version with its own C2 server and private key into npm.”

The axois-utils package functions as a loader for Phantom Bot, a distributed denial-of-service agent written in Go. OX Security’s analysis shows Phantom Bot can flood targets over HTTP, TCP and UDP. The loader implements persistence on Windows by placing the payload in the Startup folder and creating a scheduled task, and it also includes persistence steps for Linux systems.

The two other packages, @deadcode09284814/axios-util and color-style-utils, are configured to collect sensitive data from compromised systems. According to OX Security, those packages harvest SSH keys, environment variables, cloud credentials, system information, IP addresses and cryptocurrency wallet data, then exfiltrate it to endpoints including 80.200.28[.]28:2222 and edcf8b03c84634.lhr[.]life.

OX Security noted that the four packages carry different malicious payloads despite being published by the same npm user. The firm also pointed out that the public release of Shai-Hulud’s source code preceded the malicious uploads and that this released code was reused, almost unchanged, in the chalk-tempalte package.

The researchers recommended that anyone who downloaded these packages uninstall them immediately, remove any malicious configuration from development environments and coding assistants such as Claude Code, rotate exposed secrets and inspect GitHub accounts for repositories using the description “A Mini Sha1-Hulud has Appeared.” They also advised blocking network access to the suspicious domains identified in the analysis. At the time of the report, the four packages remained available on npm.
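The remediation steps above start with finding out whether any of the four packages or the published indicators are present on a developer host. The following scanner is an added example written for this article; it is not code from OX Security or from the packages themselves. The package names, network indicators and repository description are taken from the report; the sample package-lock.json, the sample settings text and the sample repository list are constructed for the demonstration, and the function names are this example's own.

```javascript
// Added example, not from the OX Security report: scan an npm lockfile,
// local configuration text and a GitHub repository listing for the
// indicators named in the article. Sample inputs are constructed.

// The four flagged packages, exactly as named in the report.
const FLAGGED_PACKAGES = new Set([
  'chalk-tempalte',
  '@deadcode09284814/axios-util',
  'axois-utils',
  'color-style-utils',
]);

// Network indicators from the report, stored defanged as published and
// refanged only at match time so the list itself stays inert.
const DEFANGED_INDICATORS = [
  '87e0bbc636999b.lhr[.]life',
  'edcf8b03c84634.lhr[.]life',
  '80.200.28[.]28:2222',
];

// Description the worm clone gives the public repository it pushes to.
const REPO_DESCRIPTION_MARKER = 'A Mini Sha1-Hulud has Appeared';

// Turn "a[.]b" back into "a.b" for string matching.
function refang(indicator) {
  return indicator.replace(/\[\.\]/g, '.');
}

// Return the flagged package names present in a package-lock.json string.
// Handles lockfile v2/v3 ("packages" keyed by node_modules path) and the
// v1 nested "dependencies" tree, including nested (transitive) installs.
function scanLockfile(lockfileJson) {
  const lock = JSON.parse(lockfileJson);
  const hits = new Set();
  const marker = 'node_modules/';
  for (const key of Object.keys(lock.packages || {})) {
    // Keep only the part after the last "node_modules/" (scoped names kept).
    const name = key.slice(key.lastIndexOf(marker) + marker.length);
    if (key !== '' && FLAGGED_PACKAGES.has(name)) hits.add(name);
  }
  const walk = (deps) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      if (FLAGGED_PACKAGES.has(name)) hits.add(name);
      walk(entry.dependencies);
    }
  };
  walk(lock.dependencies);
  return [...hits].sort();
}

// Return the defanged indicators whose live form appears in a text blob
// (shell profiles, editor or coding-assistant settings, env files).
function scanText(text) {
  return DEFANGED_INDICATORS.filter((ioc) => text.includes(refang(ioc)));
}

// Given repository objects ({name, description}), return the names whose
// description carries the marker the worm clone uses.
function flagRepos(repos) {
  return repos
    .filter((r) => typeof r.description === 'string' &&
                   r.description.includes(REPO_DESCRIPTION_MARKER))
    .map((r) => r.name);
}

// ---- Constructed sample inputs (versions are placeholders) ----
const SAMPLE_LOCKFILE = JSON.stringify({
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { 'chalk-tempalte': '*', express: '*' } },
    'node_modules/chalk-tempalte': { version: '0.0.0-placeholder' },
    'node_modules/express': { version: '0.0.0-placeholder' },
    'node_modules/express/node_modules/axois-utils': { version: '0.0.0-placeholder' },
  },
});

const SAMPLE_CONFIG = [
  '# constructed settings file found on a developer host',
  'UPLOAD_HOST=87e0bbc636999b.lhr.life',
  'COLLECTOR=80.200.28.28:2222',
].join('\n');

const SAMPLE_REPOS = [
  { name: 'notes', description: 'personal notes' },
  { name: 'x7f2', description: 'A Mini Sha1-Hulud has Appeared' },
  { name: 'tooling', description: null },
];

if (typeof require !== 'undefined' && require.main === module) {
  console.log('flagged packages:', scanLockfile(SAMPLE_LOCKFILE));
  console.log('indicators in config:', scanText(SAMPLE_CONFIG));
  console.log('suspect repos:', flagRepos(SAMPLE_REPOS));
}
```

In practice `SAMPLE_LOCKFILE` would be read from the project's package-lock.json, `SAMPLE_CONFIG` from the files a developer's tools write (shell profiles, editor and assistant settings), and `SAMPLE_REPOS` from a listing of the account's repositories. A hit from `scanLockfile` or `scanText` is the trigger for the rest of the report's advice: uninstall the package, rotate any secrets the host could reach, and block the listed hosts.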
