PhantomRaven Wave 5: New Undocumented NPM Supply Chain Campaign Targets DeFi, Cloud, and AI Developers

The npm registry has become a favored vector for sophisticated supply‑chain attacks, and PhantomRaven exemplifies the threat’s evolution. First identified in late 2025, the campaign has now entered its fifth wave, expanding its reach to over 200 packages that masquerade as legitimate tools for DeFi, cloud infrastructure, and AI development. By exploiting the npm dependency resolver, the attackers inject a Remote Dynamic Dependency that points to a remote server, allowing them to serve unique tarballs that evade hash‑based detection while delivering a universal dropper.

Technically, the chain hinges on a self‑referencing dependency in package.json, which triggers a download from the attacker‑controlled domain. The second‑stage tarball redirects to a hidden "idle‑style‑xi" package that executes a preinstall script—an npm lifecycle hook that runs automatically. This script fetches a single‑use token, downloads a lightweight JavaScript payload, and silently harvests environment variables, Git configuration, and CI/CD secrets before exfiltrating the data to a POST endpoint. Defenders can disrupt this flow by auditing package.json for HTTP URLs, employing the "--ignore-scripts" flag in CI pipelines, and blocking outbound traffic to the identified C2 domains.

The broader impact is stark: developers in high‑value sectors such as decentralized finance, cloud services, and generative AI now face direct credential theft that can compromise production environments and downstream services. Organizations must rotate any tokens or keys that may have been exposed, implement strict dependency provenance checks, and monitor network traffic for anomalous POST requests to the malicious endpoints. As supply‑chain threats continue to mature, a proactive stance on package verification and runtime script controls will be essential to safeguard the software development lifecycle.