Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials

Cahyo Dewo, March 24, 2026

Cybersecurity researchers have detailed a new and highly sophisticated campaign, dubbed "Ghost" by ReversingLabs, involving malicious npm packages designed to steal cryptocurrency wallets and a wide array of sensitive data from unsuspecting developers. The scheme combines a deceptive installation process, social engineering to obtain root privileges, and a multi-stage payload delivery chain that ends in the deployment of a full-featured remote access trojan (RAT). The activity has been linked to a single npm user, "mikilanjillo," whose malicious packages have been identified across multiple independent security analyses, pointing to a coordinated and persistent threat actor.

The initial discovery by ReversingLabs pinpointed a collection of malicious Node.js packages published under the "mikilanjillo" alias. These packages, masquerading as legitimate development utilities, employ a cunning tactic to circumvent detection and trick users. Upon attempted installation, they display fabricated npm install logs, complete with random delays, to simulate a genuine installation process. This carefully orchestrated charade is designed to lull developers into a false sense of security before the critical phishing stage.

The Deceptive Installation and Sudo Password Phishing

The core of the "Ghost" campaign’s initial compromise vector lies in its audacious attempt to solicit sudo passwords. During the simulated installation, the malicious packages deliberately trigger an error message, falsely claiming a lack of write permissions to /usr/local/lib/node_modules. This directory is the default global installation location for Node.js packages on Unix-like systems such as Linux and macOS. The error message then instructs the victim to enter their root or administrator password to "continue with the installation" and resolve the supposed permission issue. This is a critical moment of compromise; by entering their sudo password, developers unwittingly grant the malware elevated privileges, enabling it to execute subsequent malicious stages with full system access.

Lucija Valentić, a software threat researcher at ReversingLabs, underscored the sophistication of these evasion tactics. "The packages themselves are phishing for sudo password with which the last stage is executed, and are trying to hide their real functionality and avoid detection in a sophisticated way: displaying fake npm install logs," Valentić noted in a report shared with The Hacker News. This level of deception goes beyond typical amateur attempts, reflecting a professional and well-resourced adversary intent on bypassing standard security measures and developer vigilance.

Once the sudo password is obtained, the malware quietly retrieves a next-stage downloader. This downloader then establishes contact with a command-and-control (C2) infrastructure, specifically a Telegram channel. The Telegram channel serves as a dynamic repository for fetching the URL of the final payload and the necessary key to decrypt it, ensuring flexibility and resilience for the attackers. The culmination of this intricate infection chain is the deployment of a full-featured remote access trojan (RAT). This RAT is engineered to harvest a broad spectrum of sensitive data, target cryptocurrency wallets, and remain poised for further instructions from its external servers, giving the attackers persistent access and control over the compromised system.

Connecting the Campaign Dots: GhostClaw and Phantom Menace

The "Ghost" campaign documented by ReversingLabs shares significant overlaps with other malicious activities previously identified by different cybersecurity firms, suggesting a broader, interconnected operation. JFrog, another prominent cybersecurity research firm, had earlier this month documented a related activity cluster under the name "GhostClaw." Cloud security company Panther also contributed to unraveling this threat, publishing a report last month detailing a campaign it termed "Phantom Menace" or "Ghost Loader."


Intriguingly, Panther’s analysis directly linked several npm packages, including "react-state-optimizer," to the same "mikilanjillo" user identified by ReversingLabs. This crucial piece of evidence strongly indicates that these seemingly disparate clusters of activity are, in fact, facets of a single, extensive, and evolving malicious campaign orchestrated by the same threat actor. The collective intelligence gathered from these different firms paints a comprehensive picture of the attacker’s tactics, techniques, and procedures (TTPs).

GhostClaw’s GitHub and AI Workflow Exploitation

Jamf Threat Labs further enriched the understanding of this campaign by providing an in-depth analysis of the "GhostClaw" component, particularly its exploitation of GitHub repositories and emerging artificial intelligence (AI)-assisted development workflows to deliver credential-stealing payloads, specifically targeting macOS systems. This particular vector highlights a concerning trend where attackers are moving beyond traditional package registries to leverage trusted development platforms.

According to Thijs Xhaflaire, a security researcher at Jamf, these GitHub repositories meticulously impersonate legitimate tools, including popular trading bots, software development kits (SDKs), and various developer utilities. They are crafted to appear credible at first glance, often featuring well-structured README files and seemingly innocuous codebases. A particularly insidious tactic involves a trust-building phase: the repositories are initially populated with benign or only partially functional code and left untouched for an extended period. This dormancy allows them to accumulate engagement, sometimes exceeding hundreds of "stars" from legitimate users, thereby bolstering their perceived legitimacy before malicious components are stealthily introduced.

The infection process typically begins when developers are guided by the repository’s README file to execute a shell script as part of the "installation" instructions. This script initiates a multi-stage infection process designed to eventually deploy the stealer malware. In a worrying adaptation targeting modern development trends, some variants of these repositories feature a SKILL.md file. These files are specifically aimed at AI-oriented workflows, attempting to trick users into installing "external skills" through AI agents like "OpenClaw," further blurring the lines between legitimate tools and malicious code.

A notable feature within the shell script is an environment variable named "GHOST_PASSWORD_ONLY." When this variable is set to zero, the script presents a full interactive installation flow, complete with progress indicators and user prompts, mirroring a typical software installation experience. Conversely, if set to one, the script executes a simplified path focused almost entirely on credential collection, operating with minimal or no user interface elements, allowing for a more covert compromise. Furthermore, in a final act of deception, the postinstall.js script often displays a benign success message, reassuring users that the installation was successful and providing instructions on how to configure the "library" in their projects, such as by running npx react-state-optimizer. This final step aims to prevent suspicion and ensure the malware remains undetected for as long as possible.

Advanced Monetization and Decentralized Infrastructure

Panther’s report on the "Phantom Menace" campaign provided critical insights into the attacker’s sophisticated monetization strategies and command-and-control infrastructure. The analysis confirmed that packages like "react-state-optimizer," also published by "mikilanjillo," were part of this elaborate scheme. Alessandra Rizzo, a security researcher at Panther, elaborated on the payload’s capabilities: "The packages contain a CLI ‘setup wizard’ that tricks developers into entering their sudo password to perform ‘system optimizations.’ The captured password is then passed to a comprehensive credential stealer payload that harvests browser credentials, cryptocurrency wallets, SSH keys, cloud provider configurations, and developer tool tokens."

This comprehensive stealer is designed to exfiltrate a vast array of sensitive information, making compromised developer machines a treasure trove for attackers. The stolen data is not simply dumped but intelligently routed to partner-specific Telegram bots, with the campaign identifier embedded within each loader. This setup allows for granular tracking and distribution of stolen credentials, likely facilitating a network of illicit operations.


Perhaps one of the most innovative aspects identified by Panther is the attacker’s dual revenue model. The primary income stream is derived from direct credential theft, with data relayed through these partner Telegram channels. A secondary, equally ingenious income source comes from affiliate URL redirects. These affiliate URLs are stored in a separate Binance Smart Chain (BSC) smart contract. The use of a smart contract for configuration updates is a novel approach; it allows the attackers to modify the redirect URLs and potentially other operational parameters without needing to alter or redeploy the malware itself. This decentralized and blockchain-based command-and-control mechanism offers enhanced resilience, anonymity, and flexibility for the threat actors, making detection and takedown efforts significantly more challenging. The initial npm package effectively acts as a loader, capturing credentials and fetching further configuration details from either a Telegram channel or a Teletype.in page, often disguised as legitimate blockchain documentation, before deploying the final stealer.

Broader Implications for the Software Supply Chain

This multi-faceted campaign underscores a significant and ongoing shift in attacker tradecraft, particularly in the realm of software supply chain attacks. The traditional focus on direct system exploitation is evolving to encompass the entire development ecosystem, from package registries like npm to code hosting platforms like GitHub, and now increasingly, into AI-assisted development workflows. By embedding malicious code within widely used developer tools and libraries, attackers can achieve widespread compromise with minimal friction, leveraging the inherent trust developers place in open-source components and standard installation practices.

The implications for individual developers are severe, ranging from immediate financial losses due to cryptocurrency theft to long-term risks associated with compromised credentials for cloud platforms, SSH access, and development tools. For organizations, the compromise of developer machines can lead to intellectual property theft, unauthorized access to internal systems, and potential breaches of sensitive customer data. A compromised developer environment can serve as a pivot point for attackers to infiltrate an entire enterprise network.

The use of social engineering to trick users into granting sudo privileges highlights a persistent vulnerability: human trust. Even experienced developers can fall victim to carefully crafted deceptions, especially when presented within a familiar and seemingly legitimate installation context. The adoption of decentralized technologies like Telegram and Binance Smart Chain for C2 and monetization further complicates defensive efforts, as these platforms offer increased resilience and obfuscation compared to traditional, centralized infrastructure.

Mitigation Strategies and the Path Forward

In response to such sophisticated threats, cybersecurity experts emphasize a multi-layered approach to security for developers and organizations alike. Critical mitigation strategies include:

  1. Vigilance with sudo and Administrator Privileges: Developers must exercise extreme caution when prompted for sudo or administrator passwords during any installation process, especially for packages sourced from public registries. Always verify the legitimacy of such requests and understand their implications.
  2. Scrutiny of Open-Source Packages: Before integrating any npm package or GitHub repository, even those with high star counts or apparent popularity, developers should conduct due diligence. This includes checking the package publisher’s history, reviewing the source code (if possible), and looking for any unusual behaviors or dependencies. Tools that automatically scan packages for known vulnerabilities or suspicious patterns can also be invaluable.
  3. Least Privilege Principle: Adhering to the principle of least privilege is crucial. Developers should operate with the minimum necessary permissions for their daily tasks, limiting the potential damage if a system is compromised.
  4. Network Segmentation and Monitoring: Organizations should segment their development environments and implement robust network monitoring to detect unusual outbound connections or activities indicative of C2 communication.
  5. Multi-Factor Authentication (MFA): Implementing MFA for all critical accounts, especially those related to package registries, GitHub, cloud providers, and cryptocurrency exchanges, can significantly reduce the risk of credential theft leading to account compromise.
  6. Security Awareness Training: Regular security awareness training for developers, focusing on social engineering tactics and supply chain attack vectors, is paramount.
  7. Automated Security Tools: Utilizing static and dynamic application security testing (SAST/DAST) tools, as well as software composition analysis (SCA) tools, can help identify malicious components or vulnerable dependencies within projects.
  8. Stay Informed: Keeping abreast of the latest threats and vulnerabilities, through reports from cybersecurity firms like ReversingLabs, JFrog, Jamf, and Panther, is essential for proactive defense.

This "Ghost" campaign serves as a stark reminder that the digital battleground is constantly evolving. As developers increasingly rely on vast ecosystems of open-source tools and emerging technologies like AI, attackers will continue to innovate their methods, exploiting trust and complexity to achieve their nefarious goals. The collaborative efforts of security researchers in identifying and dissecting these campaigns are vital, but ultimately, a collective commitment to robust security practices from individual developers to major platform providers is required to safeguard the integrity of the software supply chain.
