New Supply Chain Attack Targets Widely Used npm Package with 45,000 Weekly Downloads

A major supply chain compromise has been discovered in the npm package rand-user-agent, a library with over 45,000 weekly downloads, commonly used to generate randomized real user-agent strings for web-scraping operations.

The package, which is maintained by WebScrapingAPI, was found to contain heavily obfuscated malicious code reminiscent of recent supply chain attacks targeting open-source ecosystems.

The suspicious code was initially flagged by anomaly detection engines analyzing the dist/index.js file in recent releases of rand-user-agent.

[Image: hidden code concealed via the scroll bar in rand-user-agent's dist/index.js]

Investigators noted a concealed code segment, cleverly obscured both in the file’s formatting and through dense obfuscation layers, which did not exist in the open-source GitHub repository’s last legitimate commit (version 2.0.82, dated seven months ago).

Every subsequent npm release diverged from the GitHub source and was tainted, undermining end-user trust and the integrity of the software supply chain.

Sophisticated Remote Access Trojan (RAT) Embedded

Upon de-obfuscation, the injected code was revealed as a fully functional Remote Access Trojan (RAT). Key technical features include:

  • Dynamic Dependency Installation: The malware surreptitiously checks for and installs the dependencies it needs, namely axios and socket.io-client, directly into a hidden .node_modules folder within the user’s home directory, evading casual inspection.
  • Command and Control via Socket.io: The RAT establishes a persistent bi-directional communication channel with the attacker’s C2 server at http://85.239.62[.]36:3306, identifying itself using the victim’s hostname, username, OS type, and a randomly generated UUID.
  • File Exfiltration Mechanism: Using axios, the RAT can upload arbitrary files or entire directory contents to a second endpoint at http://85.239.62[.]36:27017/u/f via HTTP POST with multipart/form encoding.
  • Shell Command Execution & Directory Manipulation: The backdoor processes attacker-issued commands, supporting advanced file operations (uploading individual files or entire directories), remote shell access, and working directory changes. Commands are executed natively via Node.js’ child_process module.
  • Stop/Start Control & Session Management: Command queueing, session control, and the ability to interrupt long-running upload processes are all supported.

For Windows hosts, the malware attempts a stealthy PATH environment hijack.

By pre-pending %LOCALAPPDATA%\Programs\Python\Python3127 to the environment’s PATH variable, any process or user running Python-related commands can be unknowingly redirected to attacker-supplied binaries, providing an additional escalation and persistence vector.

Affected Versions and Impact Scope

The compromise affects the following published versions:

  • 2.0.84
  • 1.0.110
  • 2.0.83

Given the package’s download footprint and its utility in automation and scraping infrastructure, the attack presents significant supply chain risk, especially in organizations relying on automated npm dependency updates or lacking integrity verification processes.

Security teams are advised to:

  • Audit Dependency Trees: Check for the presence of the compromised rand-user-agent versions and related artifacts.
  • Monitor for Suspicious Outbound Connections: Especially to the C2 and exfiltration IPs and endpoints provided below.
  • Reinstall from Trusted Sources: Remove affected versions and restore from clean, verified GitHub releases.
  • Investigate for Secondary Persistence: Particularly on Windows systems where PATH manipulation could introduce further risk.

Indicators of Compromise (IOCs)

Indicator Type      | Value                                      | Description
--------------------|--------------------------------------------|----------------------------------
Malicious Versions  | 2.0.83, 2.0.84, 1.0.110                    | npm releases with injected RAT
C2 Socket Endpoint  | http://85.239.62[.]36:3306                 | socket.io-client connection
Exfil Endpoint      | http://85.239.62[.]36:27017/u/f            | HTTP POST for file uploads
Hidden Folder       | ~/.node_modules                            | Installs hidden dependencies
PATH Hijack Target  | %LOCALAPPDATA%\Programs\Python\Python3127  | Potential binary execution hijack

Mandvi
Mandvi is a Security Reporter covering data breaches, malware, cyberattacks, data leaks, and more at Cyber Press.