npm

hyatt-avatar

hyatt-avatar is identified in the SafeDep analysis "Malicious npm Packages Impersonating Hyatt Internal Dependencies". Three malicious npm packages disguised as Hyatt internal dependencies were discovered using install hooks to execute malicious payloads. All packages share identical attack patterns and infrastructure.

discovered 2025-10-23

Threat types

typosquat

Malicious versions

999.999.999

Campaigns

Enterprise Dependency Confusionattributed-to

Indicators

email[email protected]exfiltrates-to

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1036 Masquerading: package impersonation and typosquattinguses
ttpT1105 Ingress Tool Transferuses
ttpT1546 Event Triggered Executionuses

Read the full analysis →