Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

2026-05-18

1 min read

by info@thehackernews.com (The Hacker News)

Receive daily AI-curated summaries of engineering articles from top tech companies worldwide.

Security researchers discovered four malicious npm packages containing infostealers and DDoS malware.

•'axois-utils' delivers Phantom Bot, a Golang DDoS botnet with HTTP/TCP/UDP flood capabilities and persistence on Windows and Linux
•'chalk-tempalte' contains a Shai-Hulud worm clone configured with C2 server at 87e0bbc636999b.lhr.life
•Three packages steal SSH keys, cloud credentials, system information, IP addresses, and cryptocurrency wallet data
•Stolen data sent to C2 servers: 80.200.28.28:2222 and edcf8b03c84634.lhr.life
•All published by npm user 'deadcode09284814'

This summary was automatically generated by AI based on the original article and may not be fully accurate.

Related Articles