Discoveries
Short malware post-mortems from packages and binaries seen by Atomdrift tooling.
- 2026-06-13 surf: BYO-Interpreter — a faked Go library hides a LuaJIT payload
  The real surf is a browser-impersonating Go library you import; the clone forgot to rename its module, turned its README into a Download button, and hides a LuaJIT screenshot-stealer in a 309 KB line of obfuscated text.
- 2026-06-13 @sqlite-node/createsql: the DPRK's npm quota, fulfilled via GitHub Gist
  The 707-byte package ships nothing but a fetch-and-eval; four hops later the same BeaverTail-to-InvisibleFerret kit from three prior finds is back on a brand-new IP, running a node-pty shell and hunting wallet seed phrases.
- 2026-06-10 onering: a crate that leaks unreleased source
  The poison runs in your repo, not the library's — cargo's build dir leads build.rs to the consuming project's git tree, where it scrapes the latest commit's author, email and full patch, then POSTs it as a routine Sentry crash report.
- 2026-06-09 v018-axios-cdntest: C is for cookie, not cryptojacking
  It ships a self-described 'cryptojacker payload' that POSTs shares to a stratum port over XHR and mines exactly nothing — yet the cookie stealer bolted onto real axios works fine, and the README reads like a startup pitch deck.
- 2026-06-09 path-internal-util: don't chase the URL, catch the shape
  It's the real Joyent path module, verbatim, plus three lines that fetch a jsonkeeper paste and eval it — pull that thread and it unrolls into a live DPRK BeaverTail loader and a socket.io RAT.
- 2026-06-09 express-timer: an npm 'security helper' that self-destructs your src/
  Most malicious npm packages steal; this one just deletes your source tree a minute after you install it — and its author fumbled their own online-banking password into the very same tarball.
- 2026-06-04 awaitly-visualizer: The miasma continues to floweth — a binding.gyp Bun worm
  No install hook to flag — npm auto-builds the binding.gyp it ships, which fetches its own Bun runtime to run a credential-harvesting worm outside node's view, forge Sigstore provenance, and republish the maintainer's other packages.
- 2026-06-03 spadata: Gimme all your Roblox — the PyPI DataStore lib that isn't
  It promises a Roblox DataStore library and ships none of it — just an __init__.py that, on import, DPAPI-decrypts your Roblox session cookie and posts the cleartext to a Discord webhook; the README can't even spell its own name.
- 2026-06-02 sourceflow-tracker: I Has a Bucket — npm fetches its payload from GCS
  A 379-byte package whose only load-bearing content is a dependency version string pointing into a Google Cloud Storage bucket — so npm itself downloads and detonates the payload, and the registry never holds a copy to scan.
- 2026-05-28 clx-cookieparser: a cookie-parser clone whose evil twin is North Korean
  The package you install is the real express cookie-parser, tests and all — the theft lives one require() away in a twin dependency that pulls the DPRK's BeaverTail-to-InvisibleFerret kit, run by the same crew as web-dotenv.
- 2026-05-27 @polka-ui/config: a postinstall that announces itself, then drops Sliver
  It stamps its own payload 'authorized testing only,' then — past the Russian comments — exfils every npmrc and env secret and drops a real Go Sliver implant beaconing to a Russian host; the PoC label is the alibi.
- 2026-05-27 aes-decode-runner-pro: an 'AES demo' that decrypts itself into a RAT
  A tutorial-shaped AES codec whose import decrypts its own hardcoded ciphertext, pulls a 6 MB payload from nvidiadriver.net, and unpacks the Winpatch RAT — which impersonates lsass.exe to lift Chrome's app-bound encryption keys.
- 2026-05-26 web-dotenv: a dotenv clone, plus one function that robs you
  A near-perfect copy of dotenv — 50M downloads a week — with one function bolted into config(), so booting your app fetches a stealer that combs $HOME for wallets and keys and watches your clipboard on a 750 ms loop.
- 2026-05-26 shop-minis: a Shopify-shaped canary that rats you out to Burp
  A 762-byte dependency-confusion probe wearing the name of Shopify's private Shop Minis package, that slurps your CI env vars and ships them out two ways at once — HTTPS and DNS — to a Burp Collaborator.
- 2026-05-25 system-user-identifier-cli: an 'identity helper' that just opens a reverse shell
  799 bytes, two files, and a name like a thousand throwaway npx tools — it really does check your user id, then drops a bash /dev/tcp reverse shell and calls home.
- 2026-05-25 @devcarron/clob: api-rs-node's rough draft, same binary, same self-dox
  The same Windows implant as api-rs-node, shipped 5½ hours earlier under a copy-pasted sharp README its author forgot to re-title — and the bundled config files finger the same dev machine twice over.
- 2026-05-25 api-rs-node: a fake Rust bridge that doxxed its own author
  A 'high-performance Rust bridge' that's really a Windows dropper — IPFS payload, registry persistence, a beacon on port 2026 — whose author bundled their own config files and named the very machine they built it on.