THREATOPS
THREAT OPSThreat News › Backdoored node-ipc npm releases steal developer credentials through DNS queries

Backdoored node-ipc npm releases steal developer credentials through DNS queries

infodatadog_seclabsPublished 2026-05-14

An analysis of backdoored node-ipc npm releases that add an obfuscated credential collection and DNS exfiltration payload to the CommonJS entrypoint.

MITRE ATT&CK techniques

Original source: https://securitylabs.datadoghq.com/articles/node-ipc-npm-malware-analysis/