VYPR
Research · Published Jun 23, 2026 · 1 source

Three Malicious npm Packages Impersonate PostCSS Tools to Deploy Windows RAT

Researchers have uncovered three malicious npm packages posing as PostCSS tools that deliver a multi-stage Windows remote access trojan, targeting developers in a supply-chain attack.

Cybersecurity researchers at JFrog have identified three malicious npm packages—aes-decode-runner-pro, postcss-minify-selector, and postcss-minify-selector-parser—that masquerade as legitimate PostCSS build tools to deliver a full-featured Windows remote access trojan (RAT). The packages, published by the npm user 'abdrizak' over the past month, have collectively accumulated over 1,000 downloads, posing a significant threat to developers who inadvertently install them.

The attack chain begins when a developer installs any of the three packages, which contain a JavaScript dropper that writes a PowerShell script named 'settings.ps1' to disk and executes it. This PowerShell script acts as a downloader, using 'curl.exe' to retrieve a ZIP archive from the external server 'nvidiadriver[.]net'. The archive contains a Visual Basic Script ('update.vbs'), a Python runtime, a Python loader ('loader.py'), and several Python extension modules compiled with Nuitka. The VBS script sets up the Python environment and launches the loader, which triggers the core RAT logic.

Once executed, the RAT establishes communication with a command-and-control (C2) server at '95.216.92[.]207:8080' and is equipped with a broad range of espionage capabilities. It can gather host information, steal credentials from Google Chrome (bypassing app-bound encryption protections), collect data from Chrome extensions, run shell commands, and download or upload files to and from the C2 server. These features are implemented through a set of Python native extension modules, including 'config.pyd' for constants and C2 URLs, 'api.pyd' for HTTP C2 communication, 'audiodriver.pyd' for the main orchestration loop, 'command.pyd' for host profiling and file operations, 'auto.pyd' for credential theft, and 'util.pyd' for archive helpers.

The packages are designed to appear legitimate by mimicking popular npm libraries. For instance, 'postcss-minify-selector-parser' is a typosquat of the widely used 'postcss-selector-parser', which has over 127 million weekly downloads. 'aes-decode-runner-pro' and 'postcss-minify-selector-parser' present themselves as layered AES/custom-codec packages, while 'postcss-minify-selector' claims to be a PostCSS selector minifier. Regardless of which package is installed, the infection chain leads to the same Windows malware.
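As an added example (not JFrog's tooling or code from the report), the following Node.js snippet turns the indicators above into a check a defender can run: it audits a parsed package-lock.json (lockfileVersion 2 or 3) for the three package names named in this write-up and flags any dependency whose lockfile entry carries npm's hasInstallScript flag, since the dropper in this campaign runs at install time. The sample lockfile, its package versions and the 'node-gyp-build-demo' entry are constructed for illustration.

```javascript
// Package names taken from the report above; everything else is an assumption.
const KNOWN_MALICIOUS = new Set([
  'aes-decode-runner-pro',
  'postcss-minify-selector',
  'postcss-minify-selector-parser',
]);

// Lockfile v2/v3 keys the "packages" map by install path, e.g.
// "node_modules/a/node_modules/@scope/b"; the package name is what follows the
// last "node_modules/" segment.
function nameFromPath(path) {
  const marker = 'node_modules/';
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// lock: the parsed contents of package-lock.json. Returns one finding per
// suspicious dependency with the reasons it was flagged. npm sets
// hasInstallScript when a package declares preinstall/install/postinstall,
// the hooks that let a dropper like settings.ps1 run during `npm install`.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    const name = entry.name || nameFromPath(path);
    const reasons = [];
    if (KNOWN_MALICIOUS.has(name)) reasons.push('package named in the JFrog report');
    if (entry.hasInstallScript) reasons.push('declares an npm install lifecycle script');
    if (reasons.length) findings.push({ name, path, version: entry.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile: one legitimate typosquat target, one malicious
// typosquat with an install hook, and one unrelated native package with a hook.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/postcss': { version: '8.4.38' },
    'node_modules/postcss-selector-parser': { version: '6.0.16' },
    'node_modules/postcss-minify-selector-parser': { version: '1.0.3', hasInstallScript: true },
    'node_modules/node-gyp-build-demo': { version: '0.1.0', hasInstallScript: true },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.path}@${f.version}: ${f.reasons.join('; ')}`);
}
```

Install-hook findings for packages outside the blocklist are leads to review, not verdicts: many legitimate native modules build themselves at install time.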

JFrog noted that this campaign highlights how small, parser-like packages can hide multi-stage Windows payloads while appearing related to legitimate build tooling with massive usage. The discovery coincides with several other malicious npm campaigns, including a package named 'apintergrationpost' that delivers a Linux RAT called MYRA, a package impersonating Google's Stitch AI design tool that steals developer credentials, and a cluster of five packages that drop a Windows dropper binary. Additionally, a supply chain attack targeting the 'gonex-AI/Understand-Anything' knowledge graph tool was found to use blockchain-based C2 infrastructure.

Users who have installed any of the identified packages are advised to remove them immediately, delete any artifacts created by the malware, and rotate credentials from affected developer machines. The ongoing wave of npm supply chain attacks underscores the critical need for developers to scrutinize dependencies and for organizations to implement robust package vetting processes.

Synthesized by Vypr AI