Supply Chain Compromise Targets npm Package with 45,000 Weekly Downloads

An npm package, ‘rand-user-agent’, has been affected by a supply chain attack that resulted in the injection of obfuscated code designed to activate a remote access trojan (RAT) on users’ systems. This package, useful for generating randomized user-agent strings, has continued to maintain considerable popularity with an average of 45,000 downloads a week despite having been deprecated.

Researchers at Aikido discovered this security breach on May 5, 2025, when their malware analysis tools flagged a new version of the package, specifically version 1.0.110. Upon closer inspection, it was found that obfuscated code was embedded in the ‘dist/index.js’ file and was not easily visible without scrolling horizontally in the code view on the npm registry.

The last confirmed legitimate version of ‘rand-user-agent’ was 2.0.82, released seven months prior to this incident. Subsequent versions, 2.0.83, 2.0.84, and 1.0.110, were all tainted and lacked corresponding entries in the official GitHub repository.

The malicious code hidden within these new versions creates a concealed directory within the user’s home folder (~/.node_modules) and modifies the ‘module.paths’ in order to load dependencies such as ‘axios’ and ‘socket.io-client.’ It subsequently establishes a persistent socket connection to the attacker’s command and control (C2) server and transmits machine identification data, including the hostname, username, operating system type, and a generated UUID.

Once activated, the RAT listens for specific commands to execute, including:

– cd : Changes the current working directory.
– ss_dir: Resets the working directory to the script path.
– ss_fcd:: Forcefully changes to the specified directory.
– ss_upf:f,d: Uploads a single file f to destination d.
– ss_upd:d,dest: Uploads all files in directory d to dest.
– ss_stop: Interrupts any ongoing file upload.
– Any other command: Executes it as a shell command using child_process.exec().

As of now, the malicious versions have been removed from the npm package repository, restoring a safe version for users. However, those who have upgraded to the compromised versions should conduct a thorough system scan for potential signs of compromise, as simply downgrading to the legitimate version does not eliminate the RAT from affected systems.

It is advisable to consider utilizing forked versions of ‘rand-user-agent’ that continue to receive support and are monitored more rigorously.

Contacting the package developer provided insights into the breach’s nature. They confirmed on May 5, 2025, that three unauthorized versions had been published to the npm registry. The malicious code did not exist in their GitHub repository but was introduced exclusively in npm artifacts, characterizing this as a classic supply chain attack.

The ongoing investigation indicates that the adversary exploited an outdated automation token from an employee, allowing them to publish unauthorized releases. This token was not secured with two-factor authentication, enabling the attacker to publish versions that did not exist in GitHub, increment legitimate version numbers, and deprecate nothing, with the intent of going unnoticed.

To date, there is no evidence of breaches in their source code repository, build pipeline, or corporate network; the incident was strictly confined to the npm registry. The developers have expressed their apologies to the developers and organizations affected, emphasizing their commitment to protecting the open-source ecosystem and ensuring transparency while addressing vulnerabilities.