
Hackers Hijack 18 Popular npm Packages Downloaded Over 2 Billion Times Weekly


Hackers have hijacked 18 extremely popular npm packages, downloaded more than 2 billion times every week, injecting them with sophisticated malware that targets cryptocurrency users and developers.

Early on September 8th, a security feed flagged the sudden update of 18 npm packages, including favorites like chalk, debug, chalk-template, and supports-color, with malicious code, according to a report by Aikido.

These packages are used by millions of apps and are the backbone for development tools, logging, color output, and text processing.

The attack has wide-reaching consequences given these packages' enormous distribution: some, like "debug" and "chalk", each see hundreds of millions of weekly downloads.

Mass npm Package Hijack Discovered

The attackers injected malware that hooks critical browser APIs such as fetch, XMLHttpRequest, and wallet interfaces like window.ethereum and Solana.

The code stealthily scans traffic and web content for cryptocurrency wallet addresses and payment requests.
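
A defensive check for the hooking described above, as an added example that is not from the report or the affected packages: it records references to the named APIs before third-party code runs and later reports any that were replaced. The member paths in `WATCHED` and the stand-in `window` object are assumptions of this example.

```javascript
// Added example, not from the report: compare the APIs the article names
// against references captured at startup to spot later replacement.
// The member paths in WATCHED are this example's assumption.
const WATCHED = [
  'fetch',
  'XMLHttpRequest.prototype.open',
  'XMLHttpRequest.prototype.send',
  'ethereum.request',
];

// Walk a dotted path; returns undefined if any segment is missing.
function resolve(root, path) {
  return path.split('.').reduce(
    (obj, key) => (obj == null ? undefined : obj[key]), root);
}

// Call before any third-party bundle executes.
function captureBaseline(root, paths = WATCHED) {
  return new Map(paths.map((p) => [p, resolve(root, p)]));
}

// Returns the watched paths whose current value differs from the baseline.
function findReplaced(root, baseline) {
  return [...baseline.keys()].filter((p) => resolve(root, p) !== baseline.get(p));
}

// Constructed stand-in for `window`, so the example also runs under Node.
function makeFakeWindow() {
  function XMLHttpRequest() {}
  XMLHttpRequest.prototype.open = function open() {};
  XMLHttpRequest.prototype.send = function send() {};
  return {
    fetch: function fetch() { return 'response'; },
    XMLHttpRequest,
    ethereum: { request: function request() { return 'result'; } },
  };
}

// Simulates a dependency wrapping two APIs after the baseline was taken.
function demo() {
  const win = makeFakeWindow();
  const baseline = captureBaseline(win);
  const origFetch = win.fetch;
  win.fetch = function (...args) { return origFetch.apply(this, args); };
  const origRequest = win.ethereum.request;
  win.ethereum.request = (...args) => origRequest(...args);
  return findReplaced(win, baseline);
}

console.log(demo()); // [ 'fetch', 'ethereum.request' ]
```

In a real page, take the baseline once the wallet provider has been injected, otherwise the first appearance of `ethereum.request` is reported as a change.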

index.js file is modified, and ...
Copyright of this story solely belongs to gbhackers.