
Typosquatting in npm Delivers Full Host Compromise. Malicious undicy-http Package Targets Developers

A malicious npm package named undicy-http has been identified as part of a supply chain attack targeting developers through typosquatting.

The package impersonates undici, the widely used HTTP client for Node.js, but instead of providing legitimate functionality, it delivers malware designed to steal credentials, hijack sessions, and establish remote access on infected systems. JFrog Security reported the package on March 31, 2026.

What Was Found

According to JFrog Security, undicy-http@2.0.0 contains no real HTTP client logic. Instead, it deploys two parallel payloads:

  • a Node.js-based remote access trojan (RAT)
  • a native Windows payload named chromelevator.exe

The RAT supports remote shell access, screen streaming, file upload, and microphone or webcam capture. The second-stage Windows binary targets browser processes to steal passwords, cookies, payment data, IBANs, and session tokens from more than 50 browsers and over 90 cryptocurrency wallet extensions.

How the Attack Works

The infection starts during package installation.

JFrog reports that the package executes a malicious script at install time that relaunches itself hidden from the user, establishes persistence, and then deploys its payloads. The malware uses multiple persistence methods, including a scheduled task, a registry autorun fallback, and Startup folder placement. It also performs anti-analysis checks for virtualized or sandboxed environments and displays a fake missing-DLL error to reduce suspicion.

On affected Windows systems, the native payload uses direct syscalls to inject into browser processes while trying to avoid user-mode security hooks. Exfiltration is carried out through Discord webhooks and a Telegram bot, with file-sharing services used for larger data transfers.

Attribution and Scope

JFrog attributes the package to LofyGang based on multiple indicators, including the package author field ConsoleLofy, hardcoded strings, and Portuguese-language logging. The research also notes overlap between the Windows payload and broader browser-stealer activity associated with GlassWorm-related detections.

The campaign is significant because it relies on a very simple tactic.

A package with a name close to a trusted dependency can turn a normal install action into host compromise.

Why This Matters

This is not just a malicious package story.

It reflects a persistent software supply chain problem:

1. Developer environments are high-value targets
Laptops, CI jobs, and local build systems often hold tokens, credentials, session data, and code access.

2. Typosquatting still works
The attack does not require a new exploit. It relies on trust, speed, and routine package installation behavior.

3. Open source trust chains remain fragile
A single mistaken install can create downstream exposure beyond the original machine.

DIAMATIX Perspective

This case shows why software supply chain security must be treated as an operational control, not only as a developer hygiene issue.

The attacker did not exploit a vulnerability in Node.js.
They exploited trust in package naming and install workflows.

That matters because the impact goes beyond one workstation.

Where developer systems, CI/CD runners, secrets, and browser sessions are involved, a malicious package can become an entry point into broader business systems.

Organizations should respond on three levels:

  • prevent: restrict package sources, review dependency additions, use allowlists where possible
  • detect: monitor suspicious post-install behavior, unusual child processes, and outbound connections from build or developer hosts
  • contain: assume credential and token exposure when malicious packages run, then rotate secrets and validate downstream systems
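The install-time hook described under "How the Attack Works" and the prevent/detect points above can both be turned into a check that runs before a dependency is trusted. The script below is an added example, not code from this post or from JFrog's research: it reads a root package.json, flags dependency names that sit one or two edits away from a trusted package (the undicy-http versus undici pattern, comparing both the full name and its first token), and flags installed packages whose manifest declares an npm install-time lifecycle script. The trusted list, the root manifest and the installed manifests are constructed for the demo, and the postinstall command shown is a placeholder rather than the real package's script.

```javascript
// Added example (not from the DIAMATIX post or JFrog's research): a small
// pre-install audit for typosquat look-alikes and install-time scripts.
// TRUSTED, ROOT_PACKAGE_JSON and INSTALLED_MANIFESTS are constructed input.

const TRUSTED = ['undici', 'express', 'lodash', 'axios'];
// npm lifecycle hooks that run automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall'];

// Edit distance with adjacent transposition, so "lodahs" vs "lodash" is 1.
function editDistance(a, b) {
  const m = a.length;
  const n = b.length;
  const d = Array.from({ length: m + 1 }, () => new Array(n + 1).fill(0));
  for (let i = 0; i <= m; i++) d[i][0] = i;
  for (let j = 0; j <= n; j++) d[0][j] = j;
  for (let i = 1; i <= m; i++) {
    for (let j = 1; j <= n; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[m][n];
}

// Forms of a name worth comparing: the unscoped name and its first token
// before a separator, so "undicy-http" is also checked as "undicy".
function nameForms(pkgName) {
  const bare = pkgName.replace(/^@[^/]+\//, '').toLowerCase();
  const head = bare.split(/[-_.]/)[0];
  return head && head !== bare ? [bare, head] : [bare];
}

// Trusted packages this name resembles without matching exactly.
function typosquatCandidates(pkgName, trusted = TRUSTED, maxDistance = 2) {
  if (trusted.includes(pkgName)) return [];
  const hits = new Set();
  for (const form of nameForms(pkgName)) {
    for (const good of trusted) {
      const dist = editDistance(form, good);
      if (dist >= 1 && dist <= maxDistance) hits.add(good);
    }
  }
  return [...hits];
}

// Lifecycle hooks a manifest would run during `npm install`.
function installScripts(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === 'string');
}

// Audit a root package.json (string) against the manifests of what is
// installed (object keyed by package name). Returns a list of findings.
function audit(rootPackageJson, installedManifests) {
  const root = JSON.parse(rootPackageJson);
  const deps = { ...(root.dependencies || {}), ...(root.devDependencies || {}) };
  const findings = [];
  for (const name of Object.keys(deps)) {
    const lookalikes = typosquatCandidates(name);
    if (lookalikes.length) {
      findings.push({ package: name, reason: 'name resembles trusted package', detail: lookalikes });
    }
    const manifest = installedManifests[name];
    const hooks = manifest ? installScripts(manifest) : [];
    if (hooks.length) {
      findings.push({ package: name, reason: 'declares install-time script', detail: hooks });
    }
  }
  return findings;
}

// Constructed sample input: one look-alike with a postinstall hook and one
// legitimate dependency without hooks. The command is a placeholder.
const ROOT_PACKAGE_JSON = JSON.stringify({
  name: 'demo-app',
  dependencies: { 'undicy-http': '2.0.0', express: '^4.19.0' },
});
const INSTALLED_MANIFESTS = {
  'undicy-http': { name: 'undicy-http', version: '2.0.0', scripts: { postinstall: 'node setup.js' } },
  express: { name: 'express', version: '4.19.2' },
};

console.log(JSON.stringify(audit(ROOT_PACKAGE_JSON, INSTALLED_MANIFESTS), null, 2));
```

Run against the constructed input it reports two findings for undicy-http (a near match to undici, and a declared postinstall hook) and none for express. A check like this belongs in CI before `npm install` runs with scripts enabled; as a blanket preventive control, npm's own `ignore-scripts=true` setting in .npmrc (or `npm install --ignore-scripts`) stops lifecycle scripts from executing at all, which removes the hook this package relied on, at the cost of breaking dependencies that legitimately need them.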

This is the operational lesson.

Package installation is part of the attack surface.


Sources

JFrog Security Research. Analysis of the malicious npm package undicy-http
JFrog Security Research feed. Malicious package disclosures updated on March 31, 2026
