Hackers Sneak AdaptixC2 Into npm to Breach Dev Systems
Attackers slipped the AdaptixC2 post-exploitation framework into the npm ecosystem by disguising it as a legitimate package, targeting developers who rely on Node.js modules. Researchers in October discovered that a malicious library named “https-proxy-utils” mimicked popular proxy tools such as “http-proxy-agent.” Once installed, it executed a post-installation script that deployed the AdaptixC2 agent, giving attackers covert access to the infected system.
Securelist was the first to identify the campaign, which illustrates a growing trend of attackers abusing trusted open-source platforms. The package delivers AdaptixC2 through OS-specific payloads, adapting the infection method for Windows, macOS, and Linux. On Windows, the malware sideloads a DLL file placed next to a legitimate executable, allowing it to run quietly in the background.
The campaign highlights the urgent need for developers to verify open-source packages and monitor dependencies.
To read the full report, visit the official article: “Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework.”
