Aikido Security reported on Sept. 8 that new, malicious versions of 18 popular npm packages were published beginning at 13:16 UTC, carrying code designed to intercept web-based cryptocurrency activity and rewrite payment and approval destinations. The company said the affected packages together receive more than two billion downloads per week.
The malicious code hooks into browser functions and common wallet interfaces by wrapping APIs such as fetch, XMLHttpRequest and window.ethereum. It scans network responses and transaction payloads for wallet identifiers across multiple chains and replaces legitimate destinations with attacker-controlled addresses before users see or sign the transactions.
Aikido published deobfuscated excerpts from the modified package files and said the maintainer reported being compromised through a phishing email. The maintainer said their account had been accessed and later replied that they were removing the compromised content. The phishing domain was npmjs.help, a lookalike of the real npm registry domain, and it had been registered on Sept. 5. According to the article, the maintainer also commented on HackerNews.
The injected logic rewrites the data shown on web pages and also mutates transaction parameters for Ethereum and Solana (for example, the recipient or the approval target). To make a substitution harder to notice, it uses string-similarity matching to pick the attacker-controlled address that most closely resembles the legitimate one. Aikido described the injection as operating at multiple layers, so the user interface can look correct while the transaction that is actually signed has been altered.
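The hook-and-rewrite pattern described above, together with the checks a page can run against it, as an added example written for this page (it is not Aikido's code and not the malicious payload). It uses a constructed stand-in for window.fetch and an EIP-1193 window.ethereum provider, constructed addresses, an invented attacker pool and made-up response bodies; the names makeConstructedWindow, installRewriteHooks, snapshotApis, auditIdentity, looksNative and responseTampered are mine.

```javascript
// Added example: not code from Aikido's article or from the malicious packages.
// It models the hook-and-rewrite pattern against a constructed stand-in for the
// browser window, then runs the checks a page could use to notice it. Every
// address, pool entry, URL and response body here is made up for the demo.

const ETH_ADDR = /0x[0-9a-fA-F]{40}/g;
const LEGIT_TO = "0xAbCd" + "0".repeat(32) + "dEaD";   // constructed recipient
const ATTACKER_POOL = [                                 // constructed attacker pool
  "0x" + "1".repeat(40),
  "0xAbCd" + "1".repeat(32) + "dEaD",                   // shares LEGIT_TO's prefix and suffix
];

// Matching leading + trailing characters: roughly what a person compares when
// glancing at an address, and what a lookalike substitution tries to preserve.
function lookalikeScore(a, b) {
  const x = a.toLowerCase(), y = b.toLowerCase();
  let p = 0;
  while (p < x.length && x[p] === y[p]) p++;
  let s = 0;
  while (s < x.length - p && x[x.length - 1 - s] === y[y.length - 1 - s]) s++;
  return p + s;
}

function closestLookalike(target, pool) {
  return pool.reduce((best, c) =>
    lookalikeScore(target, c) > lookalikeScore(target, best) ? c : best);
}

// Stand-in for window.fetch and a window.ethereum provider. The provider logs
// what it receives so the demo can show what a wallet would be asked to sign.
function makeConstructedWindow() {
  const walletLog = [];
  return {
    fetch: async (url) => ({ text: async () => `{"payTo":"${LEGIT_TO}"}` }),
    ethereum: { request: async (req) => { walletLog.push(req); return "0x" + "0".repeat(64); } },
    walletLog,                                           // harness only, not a browser API
  };
}

// Toy of the malicious pattern: wrap both APIs so network responses and
// transaction parameters are rewritten before the page or the wallet sees them.
function installRewriteHooks(win) {
  const origFetch = win.fetch;
  win.fetch = async function (...args) {
    const res = await origFetch.apply(this, args);
    const body = (await res.text()).replace(ETH_ADDR, (m) => closestLookalike(m, ATTACKER_POOL));
    return { text: async () => body };
  };
  const origRequest = win.ethereum.request;
  win.ethereum.request = async function (req) {
    const tx = req.params?.[0];
    if (req.method === "eth_sendTransaction" && typeof tx?.to === "string") {
      req = { ...req, params: [{ ...tx, to: closestLookalike(tx.to, ATTACKER_POOL) }] };
    }
    return origRequest.call(this, req);
  };
}

// Check 1: capture the API references before any third-party bundle executes
// (in a page, an inline script at the top of <head>) and compare identity later.
function snapshotApis(win) {
  return { fetch: win.fetch, "ethereum.request": win.ethereum.request };
}
function auditIdentity(win, pristine) {
  const now = snapshotApis(win);
  return Object.keys(pristine).filter((k) => now[k] !== pristine[k]);
}

// Check 2: a real built-in stringifies to "[native code]"; a JS wrapper does not.
// Cheaper than check 1 but weaker, since Function.prototype.toString can be patched too.
function looksNative(fn) {
  return typeof fn === "function" &&
    /\{\s*\[native code\]\s*\}/.test(Function.prototype.toString.call(fn));
}

// Check 3: fetch the same URL through the pristine and the current reference;
// any difference means something in between is rewriting responses.
async function responseTampered(win, pristine, url) {
  const [a, b] = await Promise.all([pristine.fetch(url), win.fetch(url)]);
  return (await a.text()) !== (await b.text());
}

async function demo() {
  const win = makeConstructedWindow();
  const pristine = snapshotApis(win);
  installRewriteHooks(win);                               // the tampered bundle loads
  const shownTo = JSON.parse(await (await win.fetch("/api/invoice")).text()).payTo;
  await win.ethereum.request({ method: "eth_sendTransaction", params: [{ to: LEGIT_TO, value: "0x1" }] });
  return {
    tampered: auditIdentity(win, pristine),               // ["fetch", "ethereum.request"]
    fetchLooksNative: looksNative(win.fetch),             // false
    responseTampered: await responseTampered(win, pristine, "/api/invoice"),  // true
    shownTo,                                              // the lookalike, not LEGIT_TO
    sharedChars: lookalikeScore(shownTo, LEGIT_TO),       // 10 of 42: same start and end
    dappSentTo: LEGIT_TO,
    walletSawTo: win.walletLog[0].params[0].to,           // the lookalike: UI right, tx wrong
  };
}

demo().then((r) => console.log(r));
```

Two caveats follow from the code. The identity snapshot is only meaningful if it runs before any bundled code, so it belongs in an inline script that precedes every other script tag; and because the provider hook sits inside the page, nothing the page itself computes can prove what the wallet received, which is why the full address on the wallet's own confirmation screen (ideally a hardware wallet) remains the last line of defence against a lookalike that shares the first and last characters.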
The article listed indicators of compromise and affected package versions, including backslash, chalk-template, supports-hyperlinks, has-ansi, simple-swizzle, color-string, error-ex, color-name, is-arrayish, slice-ansi, color-convert, wrap-ansi, ansi-regex, supports-color, strip-ansi, chalk, debug and ansi-styles.
A separate package, [email protected], contained the same malicious code and was detected at 16:58 UTC. The maintainer deleted much of the compromised package content before losing access to their account, and at the time the article was published simple-swizzle remained compromised.
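To find out whether a project pulled in any of the packages named above, including transitive copies nested under other dependencies, here is an added lockfile audit (my code, not from the article). It walks a package-lock.json in either the v1 nested layout or the v2/v3 flat layout and reports every resolved version of each listed name, so the result can be compared against the versions in the published indicators. The lockfile embedded in it is constructed and its version strings are placeholders, not the malicious versions; findAffected and readLockfile are my names.

```javascript
// Added example, not part of Aikido's article: report every resolved version
// of the named packages in a package-lock.json. The sample lockfile below is
// constructed and its version strings are placeholders, not the malicious ones.

const AFFECTED_NAMES = [
  "backslash", "chalk-template", "supports-hyperlinks", "has-ansi", "simple-swizzle",
  "color-string", "error-ex", "color-name", "is-arrayish", "slice-ansi", "color-convert",
  "wrap-ansi", "ansi-regex", "supports-color", "strip-ansi", "chalk", "debug", "ansi-styles",
];

// lockfileVersion 2/3: flat "packages" map keyed by install path. The package
// name is everything after the last "node_modules/", so nested copies count.
function versionsFromPackages(packages) {
  const found = new Map();
  for (const [path, entry] of Object.entries(packages || {})) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx < 0) continue;                               // "" is the root project itself
    const name = path.slice(idx + "node_modules/".length);
    if (!found.has(name)) found.set(name, new Set());
    if (entry.version) found.get(name).add(entry.version);
  }
  return found;
}

// lockfileVersion 1: nested "dependencies" tree, recursed so transitive copies
// (chalk sits under a great many packages) are not missed.
function versionsFromDependencies(deps, found = new Map()) {
  for (const [name, entry] of Object.entries(deps || {})) {
    if (!found.has(name)) found.set(name, new Set());
    if (entry.version) found.get(name).add(entry.version);
    versionsFromDependencies(entry.dependencies, found);
  }
  return found;
}

// Returns { name: [sorted versions] } for every listed name present in the lockfile.
function findAffected(lock, names = AFFECTED_NAMES) {
  const found = lock.packages
    ? versionsFromPackages(lock.packages)
    : versionsFromDependencies(lock.dependencies);
  const report = {};
  for (const n of names) {
    if (found.has(n)) report[n] = [...found.get(n)].sort();
  }
  return report;
}

// Convenience for a real project: findAffected(readLockfile("package-lock.json")).
function readLockfile(path) {
  const fs = require("fs");
  return JSON.parse(fs.readFileSync(path, "utf8"));
}

// Constructed lockfile in the v3 layout, with a nested duplicate copy of chalk.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "5.0.0-example" },
    "node_modules/debug": { version: "4.0.0-example" },
    "node_modules/some-cli/node_modules/chalk": { version: "4.0.0-example" },
    "node_modules/left-pad": { version: "1.3.0" },
  },
};

console.log(findAffected(SAMPLE_LOCK));
// { chalk: ['4.0.0-example', '5.0.0-example'], debug: ['4.0.0-example'] }
```

Run it against a real lockfile with `node -e 'console.log(findAffected(readLockfile("package-lock.json")))'` after loading the file, or import the two functions into a CI step. A match on a name is only a lead; the resolved version has to be compared with the versions in Aikido's indicator list, and a clean lockfile says nothing about what was installed without one.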

