Detecting the NPM Supply Chain Compromise Before It Spread
ID: 6834bad3-ea0c-54ee-9cb8-c7c58c21ee6d
STIX ID: report--6834bad3-ea0c-54ee-9cb8-c7c58c21ee6d
Feed Name: Group-IB Blog
Group-IB describes a simulated NPM supply-chain compromise in which a phishing campaign impersonating NPM Support led to the takeover of a developer account (qix) and the modification of 20 popular packages with a JavaScript clipper that replaced cryptocurrency wallet addresses (targeting BTC, ETH, SOL, TRX, LTC, BCH). The report lists IOCs (domains, URLs, IP), details the phishing tactics, and explains how Business Email Protection detects such attacks.
