PhantomRaven and the npm Supply Chain Threat 

In October 2025, security researchers at Koi Security uncovered a highly sophisticated supply chain attack targeting the npm ecosystem. The campaign, named PhantomRaven, consists of over 120 malicious packages that appear harmless but execute harmful code during installation. These packages evade detection by declaring zero dependencies and leveraging lifecycle hooks to fetch remote payloads dynamically. These attacks demonstrate how attackers exploit trust and automation in modern development workflows. 

What PhantomRaven Is and How It Works 

PhantomRaven is a stealthy supply chain attack designed to compromise npm environments. It infiltrates developer systems by masquerading as legitimate packages while embedding malicious behavior in lifecycle scripts. Instead of shipping malware directly, PhantomRaven fetches its payload from attacker-controlled servers after installation, making static analysis ineffective. 

Detailed Attack Techniques: 

• Zero Dependencies: Packages declare no dependencies, making them look clean and lightweight to automated scanners. 

• Lifecycle Hook Abuse: Malicious scripts are hidden in preinstall hooks, which execute silently during installation. 

• Remote Payload Delivery: The actual malware is downloaded post-installation, bypassing static code checks. 

• Slopsquatting: Attackers register package names that mimic AI-suggested names or common typos, tricking developers. 

• Credential Theft: The payload targets sensitive credentials such as npm tokens, GitHub secrets, and CI/CD keys. 

Why Zero Dependencies Are Misleading 

Zero-dependency packages often signal simplicity and trustworthiness, but PhantomRaven weaponizes this perception. Without dependencies to inspect, security tools may overlook malicious lifecycle scripts or dynamic payload fetching. Developers often assume fewer dependencies mean fewer risks, but these attacks prove otherwise. 

Warning Signs in Zero-Dependency Packages: 

• No dependencies listed in package.json. 

• The presence of lifecycle scripts like preinstall or post install. 

• Maintainers with no reputation or unfamiliar names. 

• Unexpected network activity during installation, such as outbound HTTP requests. 

Payload Behavior and Capabilities 

Once installed, PhantomRaven activates silently through lifecycle hooks. It fetches its core components dynamically, adapting its behavior based on the victim’s environment. This allows attackers to deliver benign code to researchers while deploying full-featured malware in production systems, making detection extremely difficult. 

Capabilities of PhantomRaven’s Payload: 

• System Fingerprinting: Collects OS details, IP addresses, and environment variables. 

• Credential Harvesting: Targets secrets from npm, GitHub, GitLab, Jenkins, and CircleCI. 

• Data Exfiltration: Uses HTTP GET/POST and WebSocket connections for stealthy data transfer. 

• Dynamic Targeting: Adjusts attack behavior based on IP, OS, and network configuration. 

Detection and Attribution 

Koi Security detects PhantomRaven through behavioral monitoring, noticing unusual outbound HTTP requests during npm installs. Further investigation reveals patterns that link multiple malicious packages to the same infrastructure, despite the attacker’s attempts at obfuscation. 

Indicators and Attribution Clues: 

• Lifecycle hook abuse in preinstall scripts across multiple packages. 

• Remote Dynamic Dependencies (RDD) fetching external code post-installation. 

• Reused usernames like npmhell and sequential email addresses across package maintainers. 

• Shared infrastructure pointing to identical domains and IP ranges, enabling correlation. 

• Published Indicators of Compromise (IoCs) include compromised package names, suspicious domains, and IP addresses for remediation. 

Developer Recommendations 

PhantomRaven highlights the need for proactive security measures. Automated tools alone cannot catch dynamic threats, so developers must combine tooling with manual review and cautious behavior. Supply chain security is no longer optional—it’s a critical part of modern development. 

Best Practices for Developers: 

• Inspect package.json for lifecycle scripts before installing any package. 

• Avoid zero-dependency packages from unknown or unverified sources, even if they seem harmless. 

• Use security tools like npm audit, Snyk, and Socket.dev for continuous monitoring and anomaly detection. 

• Rotate credentials regularly and monitor anomalies in CI/CD pipelines to limit exposure. 

• Verify package names carefully, especially those suggested by AI tools or autocomplete features, to avoid Slopsquatting traps. 

The Future of Package Registry Security 

PhantomRaven underscores the urgency of strengthening security across open-source ecosystems. Registries adopt zero-trust principles, cryptographic verification, and real-time threat detection to counter evolving attacks. These measures aim to reduce reliance on trust-based models and introduce verifiable integrity at every stage of the software lifecycle. 

Key Trends and Improvements Ahead 

• Trusted Publishing: Adoption of OpenID Connect (OIDC)-based workflows to eliminate long-lived authentication tokens and tie publishing actions to verified identities. This ensures that only authenticated and authorized users can publish packages. 

• Mandatory Multi-Factor Authentication (MFA): Enforcing hardware-backed Multi-Factor Authentication for package maintainers to prevent account hijacking and unauthorized publishing. MFA adds an extra layer of security beyond passwords, reducing the risk of compromised accounts. 

• Software Bill of Materials (SBOM) and Provenance: Integrating standards like Supply-chain Levels for Software Artifacts (SLSA) and Sigstore to guarantee secure, reproducible builds and verifiable package integrity. SBOM provides transparency into all components of a package, while provenance ensures the package was built in a trusted environment. 

• Dynamic Malware Detection: Leveraging Artificial Intelligence (AI)-driven scanning tools that analyze package behavior during installation and runtime, not just static code. This helps detect threats that hide behind dynamic payloads or lifecycle scripts. 

• Developer Education: Promoting secure development practices, package hygiene, and cautious use of automation tools to reduce human error. Education initiatives aim to make developers aware of risks like Slopsquatting and lifecycle hook abuse. 

Lessons Learned  

PhantomRaven demonstrates how attackers exploit trust, automation, and minimalism to infiltrate developer environments. It exposes gaps in how developers and security tools evaluate package safety, making supply chain security a top priority for the future. The incident serves as a wake-up call for the entire software industry: security must evolve as fast as attackers do.