logo

Stardrop Supply Chain Attack Targets Venture Capital Firms, Luxury Brands, and AI Companies

ID: 09c26e2b-65ab-5b16-8009-48db8dd707e7

STIX ID: report--09c26e2b-65ab-5b16-8009-48db8dd707e7

Feed Name: OpenSourceMalware Blog

Threat Score
80/100

Date Published: 2026-04-14

Date Updated: 2026-06-20

Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2

...
...

OpenSourceMalware uncovered a large npm-based supply-chain campaign named "Stardrop" that has published over 200 malicious packages impersonating an AI coding agent; the packages use npm optionalDependencies and postinstall scripts to install platform-specific binary payloads that act as infostealers—harvesting OpenAI/Anthropic API keys, cloud credentials, and other sensitive data. Although npm removed many packages quickly, global CDNs and mirrors still serve them, and analysts recovered Windows, macOS, and Linux binaries demonstrating credential harvesting, cloud metadata access, and stealthy deployment.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.