npm

exiouss

exiouss is identified in the SafeDep analysis "exiouss: Cookie Stealer Bundled in npm Exam Cheat". exiouss on npm is the latest package from the loltestpad campaign — the same attacker who published the ixpresso-core Windows RAT in April. It bundles a dormant ChatGPT cookie stealer alongside an AI exam cheating tool, targeting students who willingly run it.

discovered 2026-05-01

Threat types

credential_stealerdata_exfiltrationratpersistence

Malicious versions

1.0.0

Campaigns

fucktestpad npm Malwareattributed-to

Indicators

sha256e2fda5aa8397799669f29258f69e803cf05d322c1d93269eef6754ca024c3865indicates
email[email protected]exfiltrates-to

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1552.001 Unsecured Credentials: Credentials In Filesuses
ttpT1041 Exfiltration Over C2 Channeluses
ttpT1539 Steal Web Session Cookieuses
ttpT1105 Ingress Tool Transferuses
ttpT1071.001 Application Layer Protocol: Web Protocolsuses
ttpT1546 Event Triggered Executionuses

Read the full analysis →