{"id":1415,"date":"2026-06-23T10:01:39","date_gmt":"2026-06-23T10:01:39","guid":{"rendered":"https:\/\/thedigitalfortress.us\/?p=1415"},"modified":"2026-06-23T10:01:39","modified_gmt":"2026-06-23T10:01:39","slug":"malicious-npm-packages-pose-as-postcss-tools-to-deliver-windows-rat","status":"publish","type":"post","link":"https:\/\/thedigitalfortress.us\/?p=1415","title":{"rendered":"Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT"},"content":{"rendered":"<div>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span>, <span class=\"author\">Jun 23, 2026<\/span><\/span><span class=\"p-tags\">Supply Chain Attack \/ Developer Security<\/span><\/p>\n<\/div>\n<div id=\"articlebody\">\n<p>Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT).<\/p>\n<p>The list of identified packages is below &#8211;<\/p>\n<ul>\n<li>aes-decode-runner-pro (145 downloads)<\/li>\n<li>postcss-minify-selector (256 downloads)<\/li>\n<li>postcss-minify-selector-parser (615 downloads)<\/li>\n<\/ul>\n<p>All the packages were published over the past month by an npm user named \u00ab<a href=\"https:\/\/www.npmjs.com\/~abdrizak\">abdrizak<\/a>\u00bb and continue to be available for download from npm as of writing.<\/p>\n<p>\u00abAes-decode-runner-pro and postcss-minify-selector-parser both present themselves as layered AES\/custom-codec packages and depend on 
the legitimate postcss-selector-parser,\u00bb JFrog <a href=\"https:\/\/research.jfrog.com\/post\/from-postcss-typosquat-to-windows-rat\/\">said<\/a> in an analysis. \u00abPostcss-minify-selector presents itself as a PostCSS selector minifier and depends on postcss-minify-selector-parser.\u00bb<\/p>\n<p>As for \u00abpostcss-minify-selector-parser,\u00bb the name is a reference to \u00ab<a href=\"https:\/\/www.npmjs.com\/package\/postcss-selector-parser\">postcss-selector-parser<\/a>,\u00bb a widely used npm library with more than 127 million weekly downloads. Regardless of the package downloaded, the attack chain leads to the deployment of the same Windows malware.<\/p>\n<p>The packages come embedded with a JavaScript dropper that writes a PowerShell script (\u00absettings.ps1\u00bb) to disk and executes it. 
The PowerShell script then acts as a downloader for a next-stage payload retrieved from an external server (\u00abnvidiadriver[.]net\u00bb) using \u00abcurl.exe.\u00bb<\/p>\n<p>The retrieved payload is a ZIP archive, from which a Visual Basic Script (\u00abupdate.vbs\u00bb) file is extracted and run using \u00abwscript.exe.\u00bb Also bundled in the downloaded ZIP file is a Python runtime, a Python loader (\u00abloader.py\u00bb), and a number of Python extension modules (*.pyd) compiled using <a href=\"https:\/\/nuitka.net\/\">Nuitka<\/a>.<\/p>\n<p>The VBScript is responsible for setting up the Python environment on the compromised host and launching the \u00abloader.py\u00bb script, which then triggers the core logic of the malware. The RAT is equipped to gather host information, siphon credentials from Google Chrome, collect data from Chrome extensions, run shell commands, and download\/upload files to and from a command-and-control (C2) server (\u00ab95.216.92[.]207:8080\u00bb).<\/p>\n<p>These features are realized through a set of Python native extension modules &#8211;<\/p>\n<ul>\n<li>config.pyd, which contains constants, command IDs, the C2 URL, and registry key names<\/li>\n<li>api.pyd, which handles HTTP C2 packet exchange<\/li>\n<li>audiodriver.pyd, which runs the main RAT orchestration loop<\/li>\n<li>command.pyd, which profiles the host, runs virtual machine (VM) checks, and handles file transfer and shell execution<\/li>\n<li>auto.pyd, which performs Chrome credential and extension theft, bypassing app-bound encryption (ABE) protections<\/li>\n<li>util.pyd, which provides tar\/gzip archive helpers<\/li>\n<\/ul>\n<p>\u00abThis case shows how a small parser-like package can hide a multi-stage Windows payload while appearing related to legitimate build tooling with massive weekly usage,\u00bb JFrog said. 
\u00abFor defenders, the important lesson is to treat lookalike build dependencies as potential delivery mechanisms, not just harmless naming noise.\u00bb<\/p>\n<p>The discovery coincides with three other campaigns targeting the npm and TypeScript ecosystem &#8211;<\/p>\n<ul>\n<li>A malicious package named \u00ab<a href=\"https:\/\/safedep.io\/malicious-apintergrationpost-npm-myra-rat\/\">apintergrationpost<\/a>\u00bb that delivers a full-featured Linux RAT dubbed MYRA, while claiming to be a Node.js integration client for authorized red team exercises. \u00abIt compiles a native C rootkit during install, establishes three independent persistence mechanisms, masquerades as a systemd service, supports fileless execution, and provides interactive shell access with live screen streaming,\u00bb SafeDep said.<\/li>\n<li>A malicious package named \u00ab<a href=\"https:\/\/safedep.io\/withgoogle-stitch-sdk-scope-squat-credential-harvester\/\">@withgoogle\/stitch-sdk<\/a>\u00bb that impersonates Google&#8217;s Stitch AI design tool but comes with capabilities to steal developer credentials from eight sources (Claude Code, git config, ~\/.git-credentials, SSH public keys, GitHub CLI, npm config, ~\/.npmrc, and ~\/.docker\/config.json) and exfiltrates them to an attacker-controlled domain (\u00abstitch-production[.]org\/api\/v1\u00bb).<\/li>\n<li>A cluster of <a href=\"https:\/\/safedep.io\/procwire-npm-windows-dropper-campaign\/\">five packages<\/a> (\u00abprocwire,\u00bb \u00abroutecraft,\u00bb \u00abendpointmap,\u00bb \u00abbytecraft,\u00bb and \u00abstaticlayer\u00bb) that delivers a dropper binary on Windows hosts from an external server and executes it during npm install. The \u00abroutecraft\u00bb package lists \u00abprocwire\u00bb as a dependency, while the latter lists \u00abendpointmap\u00bb and \u00abbytecraft\u00bb as dependencies. 
The last package, \u00abstaticlayer,\u00bb is designed to run on the server side and deliver files only to a client that presents the dropper&#8217;s exact User-Agent.<\/li>\n<\/ul>\n<p>Users who have installed any of the above packages are advised to remove them immediately, remove any artifacts created by them, and rotate any credentials present on the impacted developer machines.<\/p>\n<p>The findings also coincide with a <a href=\"https:\/\/safedep.io\/astro-config-blockchain-c2-supply-chain\/\">supply chain attack<\/a> targeting the \u00ab<a href=\"https:\/\/github.com\/Egonex-AI\/Understand-Anything\">Egonex-AI\/Understand-Anything<\/a>\u00bb knowledge graph tool to push a malicious payload that \u00abbeacons one of three hardcoded C2 servers, exfiltrates a campaign marker, XOR-decrypts and evaluates a downloaded bot client, then independently resolves a second-stage command from a Tron blockchain address whose latest transaction encodes a BSC transaction hash carrying the active payload.\u00bb<\/p>\n<p>The activity overlaps with a North Korean supply chain operation dubbed PolinRider, which has been <a href=\"https:\/\/opensourcemalware.com\/blog\/polinrider-rides-again-north-korean-attack-expands-across-github\">observed<\/a> injecting obfuscated JavaScript into legitimate developers&#8217; configuration files across nearly 2,000 compromised GitHub repositories to deliver a known malware 
downloader and stealer referred to as BeaverTail, which then paves the way for the InvisibleFerret backdoor.<\/p>\n<p>\u00abThis attack combines three things that individually are familiar but together open a detection gap: an elaborate fake PR description with fabricated test evidence, a diff that hides its payload in horizontal whitespace, and a two-stage C2 where the second stage uses public blockchain infrastructure as a write-once, read-anywhere relay,\u00bb SafeDep said of the Understand-Anything compromise.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Ravie Lakshmanan, Jun 23, 2026. Supply Chain Attack \/ Developer Security. Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT).&hellip;<\/p>\n","protected":false},"author":1,"featured_media":1416,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[529,33,39,35,2150,2151,264,261,307],"class_list":["post-1415","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-deliver","tag-malicious","tag-npm","tag-packages","tag-pose","tag-postcss","tag-rat","tag-tools","tag-windows"],"_links":{"self":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1415"}],"version-history":[{"count":0,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/posts\/1415\/revisions"}],"wp:featuredmedia":[{"embedda
ble":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=\/wp\/v2\/media\/1416"}],"wp:attachment":[{"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thedigitalfortress.us\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}