Gallery

Contacts

405 W. Greenlawn Ave Lansing, Michigan 48910

contact@techjacksolutions.com

+1-616-320-4064

A threat actor published four malicious npm packages delivering credential-stealing malware, a Golang DDoS botnet (Phantom Bot), and a cloned Shai-Hulud worm reconfigured with a new C2 server. The campaign explicitly targets cloud credentials, SSH keys, cryptocurrency wallets, and AI-assisted development tools including Claude Code session hooks. With approximately 3,000 combined downloads and a correlated BreachForums competition incentivizing supply chain attack development, this campaign is assessed as a precursor to broader exploitation.

Author

Tech Jacks Solutions