The Hacker News · May 18, 2026 8:57 AM

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP.
The list of identified packages is below -

chalk-tempalte (825 Downloads)
@deadcode09284814/axios-util (284 Downloads)
axois-utils (963 Downloads)
color-style-utils (934 Downloads)

"One of the packages (chalk-tempalte)

Read at The Hacker News

Was this helpful?

Granite Embedding Multilingual R2: Open Apache 2.0 Multilingual Embeddings with 32K Context — Best Sub-100M Retrieval Quality 2026-05-17
Building Blocks for Foundation Model Training and Inference on AWS 2026-05-17
MiniPlasma Windows 0-Day Enables SYSTEM Privilege Escalation on Fully Patched Systems 2026-05-17
Video Friday: AI Gives Robot Hands Humanlike Dexterity 2026-05-17

← Back to edition

Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware

Was this helpful?

Related