Fake npm Install Messages Hide RAT Malware in New Open Source Supply Chain Campaign
A sophisticated new software supply chain campaign, dubbed the “Ghost campaign,” is actively targeting developers via the npm package registry. This evolving threat utilizes deceptive installation messages to mask the deployment of remote access trojan (RAT) malware, a critical concern for the open-source software ecosystem. The campaign, first identified in early February 2026, aims to compromise developer systems by tricking them into unknowingly surrendering sensitive credentials.
The attack begins the moment a developer installs one of the rogue npm packages. Rather than raising immediate red flags, the package presents a realistic installation process, complete with log messages, progress indicators, and artificial delays. These are designed to mimic legitimate package installations and obscure the malicious activity occurring in the background. Researchers from ReversingLabs pinpointed seven packages published under the username “mikilanjillo” as the initial point of entry. These include react-performance-suite, react-state-optimizer-core, react-fast-utilsa, ai-fast-auto-trader, pkgnewfefame1, carbon-mac-copy-cloner, and coinbase-desktop-sdk.
The use of fabricated installation logs to conceal malicious behavior represents a novel and concerning tactic for threat actors operating within open-source communities. The ultimate goal of this campaign is to deploy a RAT capable of stealing cryptocurrency wallets, exfiltrating sensitive data, and enabling attackers to remotely control compromised machines. The malware retrieves payload URLs and decryption keys from a Telegram channel, or in some cases, from posts on platforms like teletype.in that are designed to resemble legitimate blockchain documentation. Once active, the RAT operates covertly, providing attackers with persistent and largely undetected access.
The scope of this threat appears to be broader than initially identified. In March 2026, JFrog researchers documented a related cluster of malicious activity termed GhostClaw, which shares striking similarities in techniques and infrastructure with the Ghost campaign. Further analysis by Jamf Threat Labs indicates that the campaign also spreads through compromised GitHub repositories. These repositories often mimic legitimate developer tools, such as trading bots and SDKs, and are initially populated with clean code. They are left inactive for extended periods to build user trust before malicious components are introduced.
Infection Mechanism: Fake Logs and Sudo Phishing
A particularly ingenious and dangerous aspect of this campaign is how it manipulates developers into providing their sudo password. During the deceptive installation process, the rogue npm package generates a false error message. This error typically claims that certain dependencies cannot be installed due to insufficient write permissions to a global package directory, such as `/usr/local/lib/node_modules` on Linux and macOS systems. Consequently, the developer is prompted to enter their root password to “resolve” the issue and allow the installation to proceed.
This social engineering tactic preys on the common experience of encountering permission errors during npm installations. The request for a password under such circumstances appears entirely plausible to a developer, making them more likely to comply. As soon as the password is entered and authenticated, the malware’s downloader component silently executes in the background. The scrolling fake log output continues to play its role in masking this illicit activity and preventing suspicion.
Once running, the downloader contacts a specified Telegram channel to retrieve the URL for the final payload and its corresponding decryption key. In some instances, these critical details are concealed within posts on platforms like teletype.in, camouflaged as web3 contract information or other blockchain-related documentation. Once these pieces of information are obtained, the final RAT payload is decrypted, written to the compromised system’s disk, and executed using the privileges granted by the stolen sudo password.
Developers are strongly advised never to enter their sudo or root password when prompted by an npm package during an installation. Legitimate packages do not require system-level administrative access at this stage of the installation process. It is crucial to exercise due diligence by verifying package authors, scrutinizing repository histories, and implementing automated security scanning tools capable of detecting suspicious scripts. Organizations should enforce stringent dependency review workflows and treat any password prompts during software installations as a significant security red flag.
Indicators of Compromise (IoCs) for this campaign include specific package names and their associated versions and SHA1 hashes, which security teams can use to detect and mitigate the threat. These lists of known malicious artifacts are essential for proactive defense.
The ongoing nature of these supply chain attacks necessitates continued vigilance from the developer community. Researchers will undoubtedly continue to monitor the npm registry and other open-source platforms for similar deceptive techniques. It is expected that threat actors will adapt their methods to circumvent current security measures, highlighting the need for continuous innovation in supply chain security solutions and heightened awareness among developers.