Overview
- Koi Security reports the campaign began in August 2025 and that roughly 80 of the 126 packages were still available when disclosed.
- The packages use Remote Dynamic Dependencies to pull code from attacker-controlled HTTP URLs at install time, making them look dependency-free to scanners.
- Fresh downloads let operators tailor payloads or delay malware, with execution triggered by lifecycle scripts such as preinstall.
- The malware profiles systems and exfiltrates npm tokens, GitHub credentials, and CI/CD secrets for GitLab, Jenkins, and CircleCI using HTTP requests or WebSockets.
- Reported install totals vary across outlets, and Koi published indicators of compromise and a full package list to support detection and auditing.
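The two traits described above, a dependency specifier that resolves to a remote URL instead of the registry and an install-time lifecycle script, are both visible in a project's own `package.json` and `package-lock.json`. The following Node.js audit is an added example written for this summary; it is not code from Koi Security's report or from any of the affected packages. The function names `auditPackage` and `auditLockfile`, the sample manifest and lockfile, and the host `cdn.example.invalid` are all constructed for the illustration.

```javascript
// Added example: audit a package.json and a package-lock.json (v2/v3) for
// dependencies fetched from arbitrary URLs and for scripts that run on install.

// Hooks npm runs automatically during `npm install` of a dependency or project.
const LIFECYCLE_SCRIPTS = ["preinstall", "install", "postinstall", "prepare"];

// Registries a lockfile entry is allowed to resolve from (adjust for a private mirror).
const DEFAULT_REGISTRIES = ["https://registry.npmjs.org/"];

// True when npm would resolve the specifier by fetching from a location
// chosen by the package author rather than looking the name up in the registry.
function isRemoteSpecifier(spec) {
  if (typeof spec !== "string") return false;
  return (
    /^(https?:|git(\+\w+)?:|git@|github:|gitlab:|bitbucket:|gist:)/i.test(spec) ||
    /^[\w.-]+\/[\w.-]+$/.test(spec) // bare "owner/repo" shorthand resolves to GitHub
  );
}

// Inspect a parsed package.json for remote dependency specifiers and lifecycle scripts.
function auditPackage(pkg) {
  const remoteDependencies = [];
  for (const section of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      if (isRemoteSpecifier(spec)) remoteDependencies.push({ section, name, spec });
    }
  }
  const lifecycleScripts = LIFECYCLE_SCRIPTS
    .filter((hook) => pkg.scripts && pkg.scripts[hook])
    .map((hook) => ({ hook, command: pkg.scripts[hook] }));
  return { remoteDependencies, lifecycleScripts };
}

// Inspect a parsed package-lock.json: flag every installed package whose
// `resolved` URL is outside the allowed registries or that lacks an integrity hash.
function auditLockfile(lock, allowedRegistries = DEFAULT_REGISTRIES) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "" || entry.link) continue; // skip the root project and workspace links
    const resolved = entry.resolved || "";
    const fromRegistry = allowedRegistries.some((r) => resolved.startsWith(r));
    if (!fromRegistry || !entry.integrity) {
      findings.push({ path, resolved, hasIntegrity: Boolean(entry.integrity) });
    }
  }
  return findings;
}

// Constructed sample input (not a real project): one registry dependency,
// one tarball URL, one GitHub shorthand, and a preinstall hook.
const SAMPLE_PACKAGE = {
  name: "sample-app",
  version: "1.0.0",
  scripts: { preinstall: "node setup.js", test: "jest" },
  dependencies: {
    "left-pad": "^1.3.0",
    "helper-lib": "https://cdn.example.invalid/helper-lib-1.0.0.tgz",
    "some-util": "github:example-org/some-util",
  },
  devDependencies: { eslint: "^8.0.0" },
};

// Constructed sample lockfile: the tarball dependency has no integrity field.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app" },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED-PLACEHOLDER",
    },
    "node_modules/helper-lib": {
      version: "1.0.0",
      resolved: "https://cdn.example.invalid/helper-lib-1.0.0.tgz",
    },
  },
};

if (typeof require !== "undefined" && require.main === module) {
  console.log(JSON.stringify(auditPackage(SAMPLE_PACKAGE), null, 2));
  console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
}
```

Run it against a real project by replacing the constructed objects with `JSON.parse(fs.readFileSync("package.json"))` and the lockfile; in CI, a non-empty result from either function is a reasonable gate to fail on. Because the campaign's payload is pulled at install time, the lockfile check matters as much as the manifest check: a URL dependency without an `integrity` hash can serve different content on every install. Installing with `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) blocks the `preinstall` trigger described above, at the cost of breaking packages that legitimately build native code on install.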