Security researchers warn of a major weakness in npm’s remote dynamic dependencies (RDD) that allowed attackers to push credential‑stealing packages into the registry as part of a campaign tracked under the name PhantomRaven. The effort reportedly involved more than 100 credential‑stealing packages since August, with a large portion detected only after widespread download activity.
Security firm Koi says PhantomRaven leveraged npm’s RDD feature to publish 126 malicious packages, which have been downloaded collectively over 86,000 times. About 80 of these packages remained accessible earlier this week. The campaign highlights how attackers can abuse the dependency mechanism to pull in code from untrusted sources.
PhantomRaven exploits a known blind spot: Remote Dynamic Dependencies are not visible to static analysis tools. RDD lets a package declare a dependency that is fetched from an arbitrary domain rather than from the registry, including sites served over plain HTTP, which is not encrypted. Each of the 126 packages carries such a dependency pointing at attacker-hosted infrastructure, for example http://packages.storeartifact.com/npm/unused-imports, from which the malicious payload is downloaded. Developers often see the package listed with “0 Dependencies,” which masks its true network behavior from security scanners.
Once a package is installed, the embedded dependency declaration causes the external code to be downloaded fresh from the attacker’s server on every install, rather than from a cached or versioned artifact. The payload can therefore change over time, and a simple version check during installation will not catch the change.
Experts advise developers to audit their npm dependencies carefully, monitor for unusual network activity, and constrain or disable remote dependency retrieval where possible. The Koi report urges practitioners to look for indicators of compromise and rethink reliance on RDD, as static analysis alone may fail to reveal these attack vectors.
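As an added example (not code from the Koi report or from the campaign), a small Node.js check that walks a package.json and flags dependency specifiers that resolve outside the registry, ranking plain http:// URLs highest. The manifest is a constructed sample that reuses the URL quoted above; the other entries are placeholders.

```javascript
"use strict";

// Constructed sample manifest (not a real package). The http:// entry reuses
// the URL quoted in the report; the remaining entries are placeholders.
const SAMPLE_PACKAGE_JSON = {
  name: "constructed-sample",
  version: "1.0.0",
  dependencies: {
    "unused-imports": "http://packages.storeartifact.com/npm/unused-imports",
    "lodash": "^4.17.21",
    "left-pad": "https://example.invalid/left-pad-1.3.0.tgz",
    "some-tool": "github:someorg/some-tool"
  }
};

const DEP_FIELDS = ["dependencies", "devDependencies",
                    "optionalDependencies", "peerDependencies"];

// Classify one specifier string by where npm would fetch it from.
// Anything that is not a registry range/tag is fetched at install time from
// a location the registry listing does not show.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (/^http:\/\//i.test(s))  return { kind: "remote-url", risk: "high" };   // unencrypted, mutable
  if (/^https:\/\//i.test(s)) return { kind: "remote-url", risk: "medium" }; // encrypted but mutable
  if (/^npm:/i.test(s))       return { kind: "alias", risk: "low" };
  if (/^file:/i.test(s) || /^\.{0,2}\//.test(s)) return { kind: "local-path", risk: "low" };
  if (/^(git(\+\w+)?:|github:|gitlab:|bitbucket:|gist:)/i.test(s) ||
      /^[\w.-]+\/[\w.-]+(#.*)?$/.test(s)) return { kind: "git", risk: "medium" };
  return { kind: "registry", risk: "none" };
}

// Walk every dependency table and return the entries that bypass the
// registry. These are exactly the ones a "0 Dependencies" view hides.
function auditRemoteDependencies(pkg) {
  const findings = [];
  for (const field of DEP_FIELDS) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const c = classifySpec(spec);
      if (c.kind !== "registry") findings.push({ field, name, spec, ...c });
    }
  }
  return findings;
}

console.log(JSON.stringify(auditRemoteDependencies(SAMPLE_PACKAGE_JSON), null, 2));
```

To run it against a real project, replace SAMPLE_PACKAGE_JSON with `JSON.parse(fs.readFileSync("package.json", "utf8"))` and repeat for each entry in the lockfile, since transitive dependencies can carry the same kind of specifier.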