Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
Four Malicious npm Packages Deliver Infostealers and Phantom Bot DDoS Malware
18 May 2026
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP.
The list of identified packages is below -
chalk-tempalte (825 Downloads)
@deadcode09284814/axios-util (284 Downloads)
axois-utils (963 Downloads)
color-style-utils (934 Downloads)
"One of the packages (chalk-tempalte)