- Forensic, Incident Response
IOCs of the npm crypto stealer supply chain incident
September 25, 2025
Regarding the Node Package Manager (npm) supply chain attack that started on September 8, 2025 and affected 27 packages, we have collected the corresponding file hashes and publish them here in one place for easier access.
This blog post relates exclusively to the compromise of the npm account of the maintainer Qix and the subsequent publication of a crypto stealer in multiple npm packages. It explicitly does not cover the more recent incident with an "npm worm" referred to as "Shai-Hulud".
The following packages and versions were affected by the crypto stealer:
| Package name | Package version | Vulnerability identifier |
| --- | --- | --- |
| @coveops/abi | 2.0.1 | MAL-2025-47025 |
| @duckdb/duckdb-wasm | 1.29.2 | CVE-2025-59037 |
| @duckdb/node-api | 1.3.3 | CVE-2025-59037 |
| @duckdb/node-bindings | 1.3.3 | CVE-2025-59037 |
| ansi-regex | 6.2.1 | GHSA-jvhh-2m83-6w29 |
| ansi-styles | 6.2.2 | GHSA-p5rr-crjh-x7gr |
| backslash | 0.2.1 | GHSA-m2xf-jp99-f298 |
| chalk | 5.6.1 | GHSA-2v46-p5h4-248w |
| chalk-template | 1.1.1 | GHSA-3jjr-pvq7-4jq5 |
| color | 5.0.1 | GHSA-j8fv-6x8p-p766 |
| color-convert | 3.1.1 | GHSA-ch7m-m9rf-8gvv |
| color-name | 2.0.1 | GHSA-m99c-cfww-cxqx |
| color-string | 2.1.1 | GHSA-3q87-f72r-3gm6 |
| debug | 4.4.2 | GHSA-8mgj-vmr8-frr6 |
| duckdb | 1.3.3 | CVE-2025-59037 |
| error-ex | 1.3.3 | GHSA-5g7q-qh7p-jjvm |
| has-ansi | 6.0.1 | GHSA-jff9-gjh4-j359 |
| is-arrayish | 0.3.3 | GHSA-hfm8-9jrf-7g9w |
| prebid-universal-creative | 1.17.3 | CVE-2025-59039 |
| prebid.js | 10.9.2 | CVE-2025-59038 |
| proto-tinker-wc | 0.1.87 | GHSA-h9m7-rmhq-pfgr |
| simple-swizzle | 0.2.3 | GHSA-wwpx-h6g5-c7x6 |
| slice-ansi | 7.1.1 | GHSA-9xjj-cmqc-578p |
| strip-ansi | 7.1.1 | GHSA-vfjc-p7x3-q864 |
| supports-color | 10.2.1 | GHSA-pj3j-3w3f-j752 |
| supports-hyperlinks | 4.1.1 | GHSA-hggr-35mp-qcxg |
| wrap-ansi | 9.0.1 | GHSA-2rv4-jp6r-xgq7 |
While there are different write-ups available, e.g. from Socket.dev and Aikido, as well as YARA rules by Nextron Systems (Florian Roth), our experience is that in most enterprise environments file hashes are the easiest IoCs to hunt for, since they can be searched directly in EDR, SIEM and file-integrity tooling.
The few file hashes we found online were spread across multiple platforms and did not include some of the hashes we observed ourselves.
To achieve the greatest possible coverage, we compared the file hashes of each affected package version with those of its predecessor version to identify the files carrying the malicious payload. After filtering the changed files for actual relevance, we were left with the list below. We have uploaded the relevant files to MalwareBazaar.
We were unable to acquire the relevant files or their hashes for the packages color 5.0.1 and @duckdb/duckdb-wasm 1.29.2, so these two do not appear in the list below.
IoCs
| SHA256 hash | Package |
| --- | --- |
| 18c89177e52fa9b220d2a31d8b6cc600fc33c04ff6226d33baf2ef44abb0b958 | @coveops/abi 2.0.1 |
| cebbe1b84b450d66a10d9371273f4367a895d26be47e23b762647752e670b2a0 | @coveops/abi 2.0.1 |
| 40efffba1cb3f5ca47e583f8f9a91d0684f11926b776bfbce1125d19c7b7e7d4 | @duckdb/node-api 1.3.3 |
| e54bae5d609ecfb6a9a3058bd4ac5553e672c054cca9dff50c24085ea911cf75 | @duckdb/node-bindings 1.3.3 |
| 5da2e940ce5288dfe73deca2723544c19ce4e3dc8fe32880801c6675de12db0a | ansi-regex 6.2.1 |
| 754722fa3fd7f8cd1ae5196656aa6d71d59e0915321f3da949652988f6920730 | ansi-styles 6.2.2 |
| 30700331b6b08d5b6d8988af52a6ed20527a091b8f52d79ec1f2a8f9cea24657 | backslash 0.2.1 |
| d2b4a2ff532ff6d8f5213688324f1b69833efb13dc80d52692dae098f89371d8 | chalk 5.6.1 |
| 4b2695e6ce5ecc24d1fb37e987ce844d7f5272d835913520096ab790bbdc9784 | chalk-template 1.1.1 |
| eefdc0454900e29788d29cdc919bc5eff37c7a936e49547518e3e14d31a1a4f8 | color-convert 3.1.1 |
| a6a1cd72fbdc883b69cd988b43e6ef836f3517c3f2903ce34b48517d164cd70d | color-name 2.0.1 |
| e8731a1fc574e511430b0a6dd01d28af2ec9528259f2a7d4d7a657af5b741c67 | color-string 2.1.1 |
| 487eb25ee3da4b0c4a908be416bba551745eae20a9330e24c90daed0da2e42fa | debug 4.4.2 |
| c2c292e6f8c31f83aed83de5568b2c549fee262402f425f6dc4f4d9e89d8f4f2 | duckdb 1.3.3 |
| 84d70ba88af8790ef4943483aa198cae9e25f0be5ba878680856880ebd4240de | duckdb 1.3.3 |
| 72035ac827454c84ce20919657fc49e0b49b19e00c2c627602bef77e28e64a13 | error-ex 1.3.3 |
| d2f01e17c87592838a207573db0cd475fbe70b7e3cc2bf8fb569444c47a64d74 | has-ansi 6.0.1 |
| 161e91905f68da8aea108c6271936b732cc30668ad6177384b37025358fe2075 | is-arrayish 0.3.3 |
| 731bc7673eb9f4809c8aa77499cac6c99db4e88e001ac06bdd59bd91f8111d50 | prebid-universal-creative 1.17.3 |
| 2de3f3082395f9893b560f8260b09c2e43d5f875f41e7c10283f2afc079c5f41 | prebid-universal-creative 1.17.3 |
| 99f72619c8c924b2696017b357af058e16d8c529d0e7f15841f017b385e577a1 | prebid-universal-creative 1.17.3 |
| 3d0bfd9691dba156a71430d27b0220156af53c46fbcdb6887c0ae59e59561378 | prebid-universal-creative 1.17.3 |
| a453d224e7c31d9b40d46dde384f07317b3deae4ecdf9c62e7563c4c4b644023 | prebid-universal-creative 1.17.3 |
| a80f9d6010a8e930c7f99ec1c5141f953c018bb49d69f8073b21c0e2dbeb0eac | prebid-universal-creative 1.17.3 |
| 88e8a47a09b2f25b1fde9a73b07d3e6569f4715c043fcd9ab756c3d2b67a832d | prebid-universal-creative 1.17.3 |
| 63824e74362561e82443c754c17a602678d1ae098f47b3a02a410479f6c93f2a | prebid-universal-creative 1.17.3 |
| 90ab5cce6a913c09f6c5265841de0779a63294b0631f93ed6b9a7246286e84c7 | prebid.js 10.9.2 |
| 24840c7023e40e10257e4af39edc08947662e71c40fffc1aba2a4940c588ba7f | prebid.js 10.9.2 |
| d246ac0d3100182ed57e71437a26059b4debe43b4ab4c7efdf5aadf6cf935144 | prebid.js 10.9.2 |
| 49dc8da16de89b42f9e149a964f8a4c574444a9e9ab407e221d640bf05988542 | proto-tinker-wc 0.1.87 |
| 3dcacdcab1bd77924095b859a6074f79a505b2d29aa746003f73a876d04392a6 | proto-tinker-wc 0.1.87 |
| 1cc9053d62745b5e4c1ef0f60947ed83576d3d203ca2a58aef9d0a20e988a134 | proto-tinker-wc 0.1.87 |
| 2aaad37067814cc197efae927d81d0d98f218d9328959417f8d12764969f7d59 | proto-tinker-wc 0.1.87 |
| ee60d51f79f5bbed20976b66cd89777c6834a96c538419964b439102e678cde7 | simple-swizzle 0.2.3 |
| 3a46b0cbc0e0e511f4b934bcdd31873aa99cbda46888021b1b1bf4094a7ce0d5 | slice-ansi 7.1.1 |
| 587e834e3c25c8344adda2d94608759de0783230c5204d8806e1142b9128ee74 | strip-ansi 7.1.1 |
| 2fb265403fcb35669fff4690a2b8aae8f359bed3b7eec9ed9a4bd1a23229d663 | supports-color 10.2.1 |
| a0691bee000dff602387c291db332954a414f86b7e1847e3852269a464b9f4c2 | supports-color 10.2.1 |
| 06bf0057348d26021606941eee7338b85896f88eab3766312fa7605ac14d0f2b | supports-hyperlinks 4.1.1 |
| 19020c7ce1964761eab25e3d6e42f7e7bc5139dbb884dc65dd6c9760e3131419 | wrap-ansi 9.0.1 |
If you are interested in a deeper technical analysis or the related crypto wallet addresses, take a look at the following blog post by Socket.dev: https://socket.dev/blog/npm-author-qix-compromised-in-major-supply-chain-attack.