Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

A threat actor published four malicious packages to npm, collectively downloaded nearly 3,000 times, delivering credential-stealing malware and a DDoS botnet. The campaign targets cloud credentials, cryptocurrency wallets, SSH keys, and AI-assisted development environments including Claude Code. OX Security analysts assess this as a likely precursor to broader supply chain attacks, correlated with an active BreachForums competition incentivizing supply chain attack development.

Author

Tech Jacks Solutions