node-ipc npm Distribution Compromised (Campaign)
ID: 11c667a5-a9f9-5165-b2a0-a105154b28ec
STIX ID: report--11c667a5-a9f9-5165-b2a0-a105154b28ec
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2026-05-14
Date Updated: 2026-05-20
Author: [email protected] (Wiz Threat Research)
**Executive summary:** On 14 May 2026 trojanized versions of the node-ipc npm package ([email protected], [email protected], [email protected]) were published following a likely maintainer account compromise; the injected code collects a wide range of environment, network and developer secrets, writes them to a tar.gz archive and exfiltrates the data using DNS TXT tunneling to a resolved IP, then exits without persisting.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.