malware npm

@glitchpad/throttler

discovered 2026-06-23

Campaign member that masquerades as a throttler utility and ships a genuine throttler as a decoy. Version 2.2.3 ships a ~263 KB obfuscated downloader payload (primer.cjs) that is auto-executed through the postinstall script 'node ./primer.cjs'. Amazon Inspector's fuller enumeration lists 2.1.1 and 2.2.1-2.2.4 as malicious. The package uses the same execution wrapper and obfuscator template as the root lineage and belongs to build cluster B (string-array function _0x36b9, guard __7D0A53D40B_TAG), which it shares with @nullzero/@lazyutil. Per Amazon Inspector, the chain is downloader -> Rust infostealer.

Threat types

  • credential_stealer
  • data_exfiltration
  • persistence
  • typosquat

Malicious versions

  • 2.1.1
  • 2.2.1
  • 2.2.2
  • 2.2.3 · c78651dde9b6a966…
  • 2.2.4
