Npm Package Hack Plants Trojan in 45,000 Downloads

A widely used npm package, *rand-user-agent*, has been compromised in a supply chain attack: attackers injected obfuscated code designed to deploy a remote access trojan (RAT) on users’ systems. The malicious package, which sees approximately 45,000 downloads per week, was altered to include code that covertly grants attackers backdoor access to affected machines.

The tampered component was distributed through the official npm registry, which is commonly used by developers to manage JavaScript packages. Once installed, the altered package activates the RAT, enabling threat actors to remotely control the infected environment. The obfuscation is intended to evade detection by traditional security tools, raising concerns about the integrity of open-source software dependencies.

This incident underscores the growing threat posed by supply chain attacks, where malicious code is introduced into software during the development process. Developers and organizations are urged to verify the integrity of third-party packages and monitor for suspicious activity in their environments.
