Four malicious npm packages have been discovered that are capable of stealing SSH keys, cloud credentials, cryptocurrency wallets, and environment variables, while one variant quietly turns infected machines into a DDoS botnet.
The campaign appears to be the work of a single threat actor deploying multiple infostealer variants simultaneously through a coordinated typosquatting operation targeting Axios users.
The four packages, chalk-template, @deadcode09284814/axios-util, axios-utils, and color-style-utils, were detected within the last 24 hours.
All versions of each package are considered malicious. Combined, they had accumulated approximately 2,678 weekly downloads before being flagged.
The most alarming discovery is chalk-tempalte, which contains a near-identical clone of the Shai-Hulud infostealer, an open-source malware whose source code was publicly leaked on GitHub by the group TeamPCP just last week.
The threat actor copied the code with minimal modification, embedding their own C2 server address (87e0bbc636999b[.]lhr[.]life) and private key, then uploaded the working package directly to npm.
The lack of obfuscation, a stark contrast to the original Shai-Hulud deployments, confirms this is a copycat actor rather than TeamPCP itself.
Researchers noted the attack aligns with a supply chain attack competition posted on BreachForums shortly after TeamPCP’s leak, suggesting the open-source release is actively inspiring new campaigns.
Infected machines upload stolen credentials to a new GitHub repository, mirroring the original Shai-Hulud behavior.
Each package targets a different attack objective:
Anyone who installed any version of these packages should act immediately:
| Indicator | Type |
|---|---|
| 87e0bbc636999b[.]lhr[.]life | C2 Domain |
| 80[.]200[.]28[.]28:2222 | C2 IP:Port |
| b94b6bcfa27554[.]lhr[.]life | C2 Domain |
| edcf8b03c84634[.]lhr[.]life | C2 Domain |
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
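The two practical steps a responder takes from this write-up are checking whether any of the four package names is present in a project's lockfile (any version counts) and turning the defanged indicator table into something a SIEM or EDR can consume. The script below is an added example, not code from OX Security or from the article; the package names and indicators are copied from the text above, the sample package-lock.json is constructed for the demonstration, and the lockfile layout it parses is npm's public format (the `packages` map of lockfileVersion 2/3 and the nested `dependencies` map of version 1).

```python
"""Added example: scan a package-lock.json for the packages named in the article and
build a re-fanged C2 blocklist from its defanged indicator table."""
import json
import sys

# Package names exactly as the article lists them; every published version is malicious.
# The article spells the first one both "chalk-template" and "chalk-tempalte", so both are listed.
MALICIOUS_PACKAGES = {
    "chalk-template",
    "chalk-tempalte",
    "@deadcode09284814/axios-util",
    "axios-utils",
    "color-style-utils",
}

# Indicators from the article's table, stored defanged so this file is safe to share.
DEFANGED_IOCS = {
    "87e0bbc636999b[.]lhr[.]life": "C2 Domain",
    "80[.]200[.]28[.]28:2222": "C2 IP:Port",
    "b94b6bcfa27554[.]lhr[.]life": "C2 Domain",
    "edcf8b03c84634[.]lhr[.]life": "C2 Domain",
}


def refang(indicator: str) -> str:
    """Reverse the common defanging conventions ([.] and hxxp). Use only inside a controlled tool."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def defang(indicator: str) -> str:
    """Make an indicator safe for reports: dots become [.] and http becomes hxxp."""
    return indicator.replace(".", "[.]").replace("http", "hxxp")


def find_malicious_packages(lockfile_json: str) -> list:
    """Return sorted (name, version) pairs in the lockfile whose name is a known-bad package.

    Handles lockfileVersion 2/3 ("packages": {"node_modules/<name>": {...}}) and the
    nested "dependencies" map of version 1 (also present in version 2 files).
    """
    lock = json.loads(lockfile_json)
    hits = set()

    # v2/v3: keys look like "node_modules/a" or "node_modules/a/node_modules/@scope/b".
    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project entry, not a dependency
        name = path.split("node_modules/")[-1]
        if name in MALICIOUS_PACKAGES:
            hits.add((name, meta.get("version", "unknown")))

    # v1: each dependency may carry its own nested "dependencies" map.
    def walk(deps: dict) -> None:
        for name, meta in deps.items():
            if name in MALICIOUS_PACKAGES:
                hits.add((name, meta.get("version", "unknown")))
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return sorted(hits)


def blocklist(iocs: dict = DEFANGED_IOCS) -> dict:
    """Split the re-fanged indicators into a domain list and (ip, port) pairs for blocking."""
    out = {"domains": [], "ip_ports": []}
    for ioc, kind in iocs.items():
        live = refang(ioc)
        if kind == "C2 IP:Port":
            ip, port = live.rsplit(":", 1)
            out["ip_ports"].append((ip, int(port)))
        else:
            out["domains"].append(live)
    return out


# Constructed sample lockfile: one clean axios install plus two of the malicious names,
# one of them nested under another dependency.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^1.6.0"}},
        "node_modules/axios": {"version": "1.6.8"},
        "node_modules/axios-utils": {"version": "1.0.2"},
        "node_modules/some-lib/node_modules/@deadcode09284814/axios-util": {"version": "0.0.3"},
    },
})

if __name__ == "__main__":
    # Usage: python check_lock.py [path/to/package-lock.json]; falls back to the sample.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOCK
    for name, version in find_malicious_packages(data):
        print(f"MALICIOUS: {name}@{version}")
    for domain in blocklist()["domains"]:
        print("block domain:", defang(domain))
```

Matching on the package name rather than a version range is deliberate, since the article states that every version of each package is malicious; a hit means rotating the credentials the packages harvest (SSH keys, cloud credentials, wallet material, environment variables), not just removing the dependency.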
This campaign signals a dangerous new trend: the democratization of sophisticated malware. With Shai-Hulud now publicly available, the barrier to launching capable supply chain attacks has dropped dramatically.
OX Security warns this is likely just the first wave, as vibe-coded malware proliferates across npm, with each variant harvesting different data types for various criminal purposes, from credential theft and crypto-draining to full botnet recruitment, all from a single npm account.