UPDATE--The phishing campaign that resulted in the compromise of the NPM account of a prolific open source contributor on Monday has hit the maintainers of DuckDB, as well. The new compromise only affected four NPM packages that were published Tuesday morning, and the maintainers noticed the issue within hours and have deprecated the affected packages, had NPM delete those versions from the site, and re-released one of the packages.

The DuckDB maintainers said they noticed the issue within four hours.

"The DuckDB distribution for Node.js on npm was compromised with malware (along with several other packages). An attacker published new versions of four of duckdb’s packages that included malicious code to interfere with cryptocoin transactions," the maintainers said.

The compromise was the result of a phishing email targeted at NPM developers, informing them that they need to update the 2FA factor on their account.

"One of the maintainers read through this text and found it somewhat reasonable. He followed the link (now defunct) to a website hosted under the domain npmjs.help. This website contained a pixel-perfect copy of the npmjs.com website. He logged in using the duckdb_admin user and password, followed by 2FA. Again, the user profile, settings etc. were a perfect copy of the npmjs.com website including all user data. As requested by the email, he then re-set the 2FA setup," the DuckDB maintainers said.

"In the background, the copycat website forwarded all actions to the actual npm website, so the 2FA was actually updated there, too. But they also added a new API token, which they then used to publish the malicious package versions. In hindsight, the fact that his browser did not auto-complete the login should have been a red flag. It's painful to spell out, but we fell for a classic phishing attack."

This disclosure follows Monday's original report that a number of very popular NPM packages had been compromised through a phishing attack on a prolific developer who uses the handle Qix, with malicious code added to those packages in an effort to steal cryptocurrency funds from end users' accounts.

"This is not an isolated copycat incident but a continuation of the same campaign that targeted Qix. The identical malware, timing, and choice of widely used dependencies point to a coordinated effort to maximize reach across the npm ecosystem," Peter van der Zee and Sarah Gooding of supply chain security firm Socket wrote in an analysis of the DuckDB incident.

Both the DuckDB and Qix compromises were remediated quickly, and the downstream effects have been quite limited. Socket's analysis shows that the cryptocurrency wallets associated with the phishing campaign hold about $600 in total.

The affected packages tied to the Qix NPM account include Chalk and Debug, and one of the contributors to those packages said the compromise was the result of him clicking on a phishing email related to setting up 2FA on his account. The good news is that the window of exposure, during which the compromised packages were available for download, was quite small, so the number of potentially affected downstream packages and victims should be limited.

There have been reports from other developers saying they received the same phishing email, and some security researchers have indications that other developers have been compromised, too.

The attack apparently occurred on the morning of Sept. 8 and researchers have identified at least 18 individual NPM packages with more than 2 billion collective weekly downloads that have been affected by the attack. The goal of the malicious code appears to be to grab crypto-related user credentials and other sensitive data from victims’ browsers through network traffic interception and API hijacking. 

When a victim downloads and runs one of the compromised packages, the malicious code monitors for activity related to cryptocurrency sites and wallets, as well as other web3 content, and redirects it.

“The packages were updated to contain a piece of code that would be executed on the client of a website, which silently intercepts crypto and web3 activity in the browser, manipulates wallet interactions, and rewrites payment destinations so that funds and approvals are redirected to attacker-controlled accounts without any obvious signs to the user,” Charlie Eriksen of code security platform provider Aikido Security said in a post detailing the campaign and its timeline. 

“This malware is essentially a browser-based interceptor that hijacks both network traffic and application APIs. It injects itself into functions like fetch, XMLHttpRequest, and common wallet interfaces, then silently rewrites values in requests and responses. That means any sensitive identifiers, such as payment destinations or approval targets, can be swapped out for attacker-controlled ones before the user even sees or signs them. To make the changes harder to notice, it uses string-matching logic that replaces targets with look-alike values.”

Here is the list of known affected packages:

- ansi-styles@6.2.2
- debug@4.4.2 (appears to have been yanked as of 8 Sep 18:09 CEST)
- chalk@5.6.1
- supports-color@10.2.1
- strip-ansi@7.1.1
- ansi-regex@6.2.1
- wrap-ansi@9.0.1
- color-convert@3.1.1
- color-name@2.0.1
- is-arrayish@0.3.3
- slice-ansi@7.1.1
- color@5.0.1
- color-string@2.1.1
- simple-swizzle@0.2.3
- supports-hyperlinks@4.1.1
- has-ansi@6.0.1
- chalk-template@1.1.1
- backslash@0.2.1
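Because the malicious code runs in end users' browsers once a compromised version is bundled into an application, the practical check is whether any of the exact versions above appear in a project's lockfile, including nested copies that a top-level audit can miss. The scanner below is an added example, not code from the article or from any of the affected projects; it walks a parsed package-lock.json in either the v1 nested "dependencies" form or the v2/v3 flat "packages" form, and the sample lockfile is constructed.

```javascript
// Exact name@version pairs from the list above; a different patch level of the
// same package is not flagged, since only these versions carried the payload.
const COMPROMISED = new Map([
  ["ansi-styles", "6.2.2"], ["debug", "4.4.2"], ["chalk", "5.6.1"],
  ["supports-color", "10.2.1"], ["strip-ansi", "7.1.1"], ["ansi-regex", "6.2.1"],
  ["wrap-ansi", "9.0.1"], ["color-convert", "3.1.1"], ["color-name", "2.0.1"],
  ["is-arrayish", "0.3.3"], ["slice-ansi", "7.1.1"], ["color", "5.0.1"],
  ["color-string", "2.1.1"], ["simple-swizzle", "0.2.3"],
  ["supports-hyperlinks", "4.1.1"], ["has-ansi", "6.0.1"],
  ["chalk-template", "1.1.1"], ["backslash", "0.2.1"],
]);

// Return [{ name, version, path }] for every installed copy of a compromised
// version in a parsed package-lock.json, nested copies included.
function findCompromised(lock) {
  const hits = [];
  const marker = "node_modules/";
  if (lock.packages) {                      // lockfileVersion 2 or 3: flat map
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "") continue;            // "" is the root project itself
      // Take the segment after the last "node_modules/", which keeps "@scope/name".
      const name = path.slice(path.lastIndexOf(marker) + marker.length);
      if (COMPROMISED.get(name) === meta.version) {
        hits.push({ name, version: meta.version, path });
      }
    }
  } else if (lock.dependencies) {           // lockfileVersion 1: nested tree
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps)) {
        const path = `${prefix}${marker}${name}`;
        if (COMPROMISED.get(name) === meta.version) {
          hits.push({ name, version: meta.version, path });
        }
        if (meta.dependencies) walk(meta.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample: a clean top-level chalk, a compromised top-level debug,
// and a compromised chalk nested under another dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "5.3.0" },
    "node_modules/debug": { version: "4.4.2" },
    "node_modules/some-cli/node_modules/chalk": { version: "5.6.1" },
  },
};
console.log(findCompromised(SAMPLE_LOCK));  // flags debug and the nested chalk
```

In real use, pass the result of JSON.parse over the project's package-lock.json instead of SAMPLE_LOCK and treat any hit as a reason to pin the dependency to a clean version and reinstall.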

“Looked legitimate at first glance. Not making excuses, just had a long week and a panicky morning and was just trying to knock something off my list of to-dos. Made the mistake of clicking the link instead of going directly to the site like I normally would (since I was mobile),” the developer said.

Chalk has been republished without the malicious code, and most of the other compromised packages have been removed. 

The developer who was compromised said he has received a notification from NPM that they are aware of the incident, but that was the extent of the communication. 

This story was updated on Sept. 9 to add information about the DuckDB compromise.
