Popular node-IPC NPM package compromised to steal credentials
The node-ipc npm package has been compromised by hackers to steal credentials through newly published versions. This supply chain attack was detected by multiple security companies, revealing that the malware collects sensitive information from infected systems. Developers are advised to remove the affected versions and rotate their credentials immediately.
- ▪Hackers injected credential-stealing malware into the node-ipc package, which is widely used for inter-process communication.
- ▪The malicious versions include [email protected], [email protected], and [email protected], and the malware collects various types of sensitive data.
- ▪The attackers used DNS TXT queries for data exfiltration, making the traffic blend into normal DNS activity.
Opening excerpt (first ~120 words) tap to expand
Popular node-ipc npm package compromised to steal credentials By Bill Toulas May 15, 2026 01:10 PM 0 Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm. The node-ipc package is a Node.js module that enables various processes to communicate through all forms of sockets, including Unix, Windows, UDP, TLS, and TCP. Despite the maintainer publishing in March 2022 weaponized versions that targeted Russia and Belarus-based systems with a data-overwriting module, in protest to the Russian invasion of Ukraine, the package still has more than 690,000 weekly downloads on npm.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at BleepingComputer.
Discussion
0 commentsMore from BleepingComputer
