Stardrop Supply Chain Attack Targets Venture Capital Firms, Luxury Brands, and AI Companies
ID: 09c26e2b-65ab-5b16-8009-48db8dd707e7
STIX ID: report--09c26e2b-65ab-5b16-8009-48db8dd707e7
Feed Name: OpenSourceMalware Blog
Date Published: 2026-04-14
Date Updated: 2026-06-20
Author: c0a15726-c5b1-4b0d-85e6-fe15553df9e2
OpenSourceMalware uncovered a large npm-based supply-chain campaign named "Stardrop" that has published over 200 malicious packages impersonating an AI coding agent; the packages use npm optionalDependencies and postinstall scripts to install platform-specific binary payloads that act as infostealers—harvesting OpenAI/Anthropic API keys, cloud credentials, and other sensitive data. Although npm removed many packages quickly, global CDNs and mirrors still serve them, and analysts recovered Windows, macOS, and Linux binaries demonstrating credential harvesting, cloud metadata access, and stealthy deployment.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
