- Forensic, Incident Response
IOCs of the npm crypto stealer supply chain incident
September 25, 2025
Regarding the Node Package Manager (npm) supply chain attack that started on September 8, 2025, and affected 27 packages, we have collected and identified the corresponding file hashes and make them publicly available in one single place for easier access.
This blog post relates exclusively to the compromise of the Qix npm account and the subsequent compromise of multiple npm packages with a crypto stealer. It explicitly does not cover the more recent incident involving an “npm worm” referred to as “Shai-Hulud”.
The following packages and versions were affected by the crypto stealer:
| Package name | Package version | Vulnerability identifier |
| --- | --- | --- |
| @coveops/abi | 2.0.1 | MAL-2025-47025 |
| @duckdb/duckdb-wasm | 1.29.2 | CVE-2025-59037 |
| @duckdb/node-api | 1.3.3 | CVE-2025-59037 |
| @duckdb/node-bindings | 1.3.3 | CVE-2025-59037 |
| ansi-regex | 6.2.1 | GHSA-jvhh-2m83-6w29 |
| ansi-styles | 6.2.2 | GHSA-p5rr-crjh-x7gr |
| backslash | 0.2.1 | GHSA-m2xf-jp99-f298 |
| chalk | 5.6.1 | GHSA-2v46-p5h4-248w |
| chalk-template | 1.1.1 | GHSA-3jjr-pvq7-4jq5 |
| color | 5.0.1 | GHSA-j8fv-6x8p-p766 |
| color-convert | 3.1.1 | GHSA-ch7m-m9rf-8gvv |
| color-name | 2.0.1 | GHSA-m99c-cfww-cxqx |
| color-string | 2.1.1 | GHSA-3q87-f72r-3gm6 |
| debug | 4.4.2 | GHSA-8mgj-vmr8-frr6 |
| duckdb | 1.3.3 | CVE-2025-59037 |
| error-ex | 1.3.3 | GHSA-5g7q-qh7p-jjvm |
| has-ansi | 6.0.1 | GHSA-jff9-gjh4-j359 |
| is-arrayish | 0.3.3 | GHSA-hfm8-9jrf-7g9w |
| prebid-universal-creative | 1.17.3 | CVE-2025-59039 |
| prebid.js | 10.9.2 | CVE-2025-59038 |
| proto-tinker-wc | 0.1.87 | GHSA-h9m7-rmhq-pfgr |
| simple-swizzle | 0.2.3 | GHSA-wwpx-h6g5-c7x6 |
| slice-ansi | 7.1.1 | GHSA-9xjj-cmqc-578p |
| strip-ansi | 7.1.1 | GHSA-vfjc-p7x3-q864 |
| supports-color | 10.2.1 | GHSA-pj3j-3w3f-j752 |
| supports-hyperlinks | 4.1.1 | GHSA-hggr-35mp-qcxg |
| wrap-ansi | 9.0.1 | GHSA-2rv4-jp6r-xgq7 |
While different write-ups are available, e.g. from Socket.dev and Aikido, as well as YARA rules by Nextron Systems (Florian Roth), our experience shows that in most enterprise environments the easiest IoCs to hunt for are file hashes.
The few file hashes we were able to find online were spread across multiple platforms and did not include some of the file hashes we observed ourselves.
To achieve the greatest possible coverage, we compared the file hashes of the affected package versions with those of the predecessor versions to identify the files containing malicious payloads. After filtering the files by actual relevance, we were left with the following list. We have uploaded the relevant files to Malware Bazaar.
We were unable to acquire the relevant files or their hashes for the packages color and @duckdb/duckdb-wasm.
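The following Python script is an added illustration of the hash-diffing approach described above; it is not the authors' tooling. It hashes every file of two versions of a package, keeps only files that are new or changed in the affected version as payload candidates, and then hunts a node_modules tree for those hashes and for package.json files declaring an affected version. The package trees are constructed stand-ins, not the real package contents.

```python
import hashlib, json, os, tempfile

# Subset of the affected versions from the table above.
AFFECTED = {"chalk": {"5.6.1"}, "debug": {"4.4.2"}, "ansi-styles": {"6.2.2"}}
# Constructed sample trees, not the real package contents: the affected
# version modifies index.js and adds a file standing in for the injected payload.
PREVIOUS_VERSION = {
    "package.json": b'{"name":"chalk","version":"5.6.0"}',
    "source/index.js": b"export default chalk;\n",
}
AFFECTED_VERSION = {
    "package.json": b'{"name":"chalk","version":"5.6.1"}',
    "source/index.js": b"require('./payload');\nexport default chalk;\n",
    "source/payload.js": b"/* constructed stand-in for the injected stealer */\n",
}

def diff_versions(previous, affected):
    """Path -> SHA256 of files new or changed in the affected version (payload candidates)."""
    prev = {p: hashlib.sha256(c).hexdigest() for p, c in previous.items()}
    cur = {p: hashlib.sha256(c).hexdigest() for p, c in affected.items()}
    return {p: h for p, h in cur.items() if prev.get(p) != h}

def hunt_node_modules(root, bad_hashes):
    """Flag (kind, path, detail) for known-bad file hashes and affected package.json versions."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            if digest in bad_hashes:
                hits.append(("hash", full, digest))
            if name == "package.json":
                meta = json.loads(data)
                if meta.get("version") in AFFECTED.get(meta.get("name"), set()):
                    hits.append(("version", full, f"{meta['name']}@{meta['version']}"))
    return hits

def demo():
    """Install the constructed affected tree into a temporary node_modules and hunt it."""
    diff = diff_versions(PREVIOUS_VERSION, AFFECTED_VERSION)
    bad = {h for p, h in diff.items() if p != "package.json"}  # version-bump noise, not an IoC
    with tempfile.TemporaryDirectory() as tmp:
        for path, content in AFFECTED_VERSION.items():
            full = os.path.join(tmp, "node_modules", "chalk", path)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(content)
        return hunt_node_modules(os.path.join(tmp, "node_modules"), bad)
```

In a real hunt, replace the constructed trees with the extracted tarballs of the predecessor and affected versions (e.g. from `npm pack`) and point `hunt_node_modules` at the project's node_modules directory.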
If you are interested in a deeper technical analysis or the related crypto addresses, take a look at the following blogpost by socket.dev: https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack.