Author: Jim Gogolinski, Head of Threat Research
Category: Conceal Recon Group
Published On: Sep 12, 2025
Presto-Chango, Where’d My Crypto Go? Making Sure That Which Could Have Been Won’t Be
On September 9th, 2025, Aikido published a blog post entitled “npm debug and chalk packages compromised”. Aikido uncovered that a threat actor had inserted malicious code into 18 open-source software packages available through npm. npm is a JavaScript package manager that, according to the npm website, is relied upon by over 17 million developers. npm packages are freely downloadable and usable by anyone, making it easy for a threat actor to obtain the source, insert malicious code, and test it. In this case, the threat actor(s) gained access to at least one npm user’s account through social engineering. The stolen account credentials then allowed the threat actor(s) to push their modified versions into the npm registry, where they would be served to anyone who subsequently downloaded the packages. The now-malicious code from these packages could then be unsuspectingly pulled into a large number of websites worldwide.
The attackers’ code, inserted into the pre-existing library code, was written to stealthily manipulate crypto activity and rewrite payment transactions. Although this code is stored on the web server, it runs in the context of the user’s web browser. Modern browsers act more like a virtual desktop than a web-exploring application: they execute code and have access to confidential data. Unfortunately for unsuspecting users, the browser is a dead zone as far as most security tools are concerned; those tools cannot process the encrypted traffic and the code that the browser sees and acts upon. In an attack such as this, the best case is that the security solution notices the crypto traffic; however, given the packages the attacker inserted the code into, that traffic is expected, so there is nothing abnormal to trigger on. This means that the average user is out of luck and has their crypto stolen.
The code the threat actor(s) inserted is highly obfuscated to make analysis difficult. This, in and of itself, is not enough to trigger an alert on, as many other websites use obfuscated code for (semi-)legitimate purposes. All is not lost, however. If we look at this attack through the lens of content in context, we see some clues that indicate maliciousness. Legitimate JavaScript web code should not hook API functions such as fetch and XMLHttpRequest, nor, in the specific case of this malware, wallet API functions. To elaborate: looking solely at the code that reads the traffic or manipulates the transaction data, it cannot necessarily be deemed malicious — suspicious, certainly, but not necessarily bad enough to warrant an intervention. When that same code is in the context of hooking an API function, we now have the confidence to force an intervention, block the malicious activity, and alert the user.
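The “hooking is the context that matters” point above can be turned into a concrete check. The following is an added example written for this post, not code from Conceal or from the analysis of the compromised packages. It applies two defender-side tests: browser built-ins such as `fetch` and `XMLHttpRequest.prototype.open` are native functions, so a wrapper that replaces them no longer reports `[native code]`; wallet providers such as `window.ethereum.request` are injected JavaScript and never native, so for those the check compares the function against a reference captured at page load. The `demo()` function runs entirely offline: the page object, the wallet provider, and the wrapper that stands in for a hook are all constructed here (the wrapper forwards calls unchanged; `Math.max` stands in for a browser native so the demo runs under Node, where `fetch` is implemented in JavaScript).

```javascript
'use strict';
// Added example: detecting monkey-patched (hooked) browser and wallet APIs.

// Capture Function.prototype.toString once; a page that loads this check before
// any third-party script gets the genuine native implementation.
const fnToString = Function.prototype.toString;
const NATIVE_RE = /\{\s*\[native code\]\s*\}\s*$/;

// True when fn's source text is the "[native code]" stub that browser built-ins report.
function isNativeFunction(fn) {
  if (typeof fn !== 'function') return false;
  try {
    return NATIVE_RE.test(fnToString.call(fn));
  } catch {
    return false; // toString threw: treat as not trustworthy
  }
}

// Sanity check: if toString itself has been replaced, every other verdict is suspect.
function toStringLooksNative() {
  return isNativeFunction(fnToString);
}

// Audit a host object (window, XMLHttpRequest.prototype, ...) for properties that
// should be native built-ins but are now ordinary JavaScript functions.
function auditNativeApis(host, names) {
  const findings = [];
  for (const name of names) {
    const fn = host[name];
    if (typeof fn !== 'function') continue; // API absent on this host: nothing to check
    if (!isNativeFunction(fn)) {
      findings.push({ api: name, reason: 'not native code (possibly wrapped)' });
    }
  }
  return findings;
}

// Wallet providers are injected JavaScript, so snapshot their methods at load time...
function snapshotMethods(obj, names) {
  const snap = new Map();
  for (const name of names) snap.set(name, obj[name]);
  return snap;
}

// ...and later report any method whose identity no longer matches the snapshot.
function auditAgainstSnapshot(obj, snap) {
  const findings = [];
  for (const [name, original] of snap) {
    if (obj[name] !== original) {
      findings.push({ api: name, reason: 'function identity changed since load' });
    }
  }
  return findings;
}

// Constructed scenario: a pristine page and provider, then the same objects after
// a forwarding wrapper (standing in for a hook) has been installed on both.
function demo() {
  // Constructed stand-ins: Math.max is a real native built-in playing the role of
  // window.fetch; the provider object plays the role of window.ethereum.
  const page = { fetch: Math.max };
  const wallet = { request: async (args) => ({ ok: true, args }) };
  const baseline = snapshotMethods(wallet, ['request']);

  const before = [
    ...auditNativeApis(page, ['fetch']),
    ...auditAgainstSnapshot(wallet, baseline),
  ];

  // Constructed wrappers: each forwards to the original unchanged.
  const realFetch = page.fetch;
  page.fetch = function fetch(...args) { return realFetch.apply(this, args); };
  const realRequest = wallet.request;
  wallet.request = (args) => realRequest(args);

  const after = [
    ...auditNativeApis(page, ['fetch']),
    ...auditAgainstSnapshot(wallet, baseline),
  ];
  return { toStringTrusted: toStringLooksNative(), before, after };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(demo(), null, 2));
}

module.exports = { isNativeFunction, toStringLooksNative, auditNativeApis, snapshotMethods, auditAgainstSnapshot, demo };
```

In a browser the same functions would be called as `auditNativeApis(window, ['fetch'])` and `auditNativeApis(XMLHttpRequest.prototype, ['open', 'send'])` from a script that runs before any third-party bundle. Two limitations are worth knowing: bound functions and `Proxy` objects also report `[native code]`, so the native-text test alone can be evaded, which is why the snapshot comparison is the stronger of the two checks; and neither check reveals what a hook does, only that the API surface has changed, which is exactly the “context” signal the post describes.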
The good news in this case is that the malicious packages appear to have been detected quickly enough that they weren’t heavily downloaded, and early reporting indicates that the attackers did not get a good return on their efforts — around five cents of ether and about $20 worth of an illiquid memecoin that traded less than $600 in volume. In summary, we dodged a bullet — this time. Imagine what could have happened if this had not been detected and removed as quickly as it was. Further, what if this had been targeted as a more widely distributed information-stealing attack, not just going after crypto? The consequences would have been far more far-reaching and impactful.
Here at Conceal, we operate in that critical dead zone that other solutions do not. We understand the importance of putting content into context to provide the best security possible while not impacting normal corporate operations.