2025-10-30

More than 120 malicious npm packages, downloaded more than 86,000 times in total, have been published to steal authentication tokens, GitHub credentials, and CI/CD secrets from developers as part of the PhantomRaven campaign, which has been running since August, BleepingComputer reports.

Many of the malicious packages are promoted by AI-hallucinated recommendations and impersonate legitimate projects, including GitLab and Apache tools, according to a Koi Security analysis. Researchers noted that the packages abused npm's remote dynamic dependencies mechanism, which caused npm to automatically fetch and execute a package from a remote URL while the manifest appeared to declare no dependencies at all.

The side-loaded payload then profiles the targeted device, harvesting email addresses from environment variables and stealing npm, GitLab, GitHub Actions, CircleCI, and Jenkins tokens, which it exfiltrates over HTTP GET requests with URL-encoded data, HTTP POST requests with JSON bodies, and a WebSocket connection. Relying on remote dynamic dependencies has also allowed PhantomRaven to evade detection by static analysis.
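The two mechanisms the report describes, a dependency that npm fetches from a remote URL rather than from the registry and code that runs automatically on install, are both visible in a package's manifest, so a defender can flag them before the install ever runs. The following is an added example written for this page, not code from Koi Security, BleepingComputer, or the campaign itself. It audits a `package.json` object for dependency specs that point outside the registry (plain `http://`/`https://` tarball URLs and git-style specs such as `github:`, which npm does support) and for lifecycle scripts that execute during installation. The manifests, package names, and the `example.invalid` host are constructed sample data.

```javascript
// Added example: manifest-level checks for install-time code fetch and execution.
// Sample manifests below are constructed; they are not the real PhantomRaven packages.

// Fields in which a dependency spec may appear.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

// Specs npm resolves by fetching from a URL or a git host instead of the registry.
// A plain version range like "^4.17.21" never matches this pattern.
const REMOTE_SPEC = /^(https?:\/\/|git(\+[a-z]+)?:\/\/|github:|gitlab:|bitbucket:|gist:)/i;

// Lifecycle scripts npm runs automatically while installing a package.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Returns a list of findings; an empty list means nothing in the manifest
// causes npm to fetch or run code outside the registry during install.
function auditManifest(pkg) {
  const findings = [];

  for (const field of DEP_FIELDS) {
    const deps = pkg[field] || {};
    for (const [name, spec] of Object.entries(deps)) {
      if (typeof spec === 'string' && REMOTE_SPEC.test(spec)) {
        findings.push({
          kind: 'remote-dependency',
          field,
          name,
          spec,
          // Content served at a URL can change after review, unlike a pinned registry version.
          note: spec.toLowerCase().startsWith('http://')
            ? 'fetched over plain HTTP from outside the registry; content is mutable'
            : 'fetched from outside the registry; content is mutable',
        });
      }
    }
  }

  const scripts = pkg.scripts || {};
  for (const hook of INSTALL_HOOKS) {
    if (typeof scripts[hook] === 'string' && scripts[hook].trim() !== '') {
      findings.push({ kind: 'install-hook', hook, cmd: scripts[hook] });
    }
  }

  return findings;
}

// True when the manifest looks harmless to a registry listing ("0 dependencies")
// yet still pulls or runs code at install time: the shape the report describes.
function hidesInstallTimeCode(pkg) {
  const registryDeps = DEP_FIELDS
    .flatMap((f) => Object.values(pkg[f] || {}))
    .filter((spec) => typeof spec === 'string' && !REMOTE_SPEC.test(spec));
  return registryDeps.length === 0 && auditManifest(pkg).length > 0;
}

// Constructed sample: a manifest with no registry dependencies, one remote
// dependency fetched over plain HTTP, and a postinstall hook.
const SUSPICIOUS_MANIFEST = {
  name: 'sample-helper', // constructed name
  version: '1.0.0',
  dependencies: { 'remote-helper': 'http://example.invalid/npm/remote-helper' },
  scripts: { postinstall: 'node index.js' },
};

// Constructed sample: an ordinary manifest with a pinned registry dependency.
const CLEAN_MANIFEST = {
  name: 'sample-app', // constructed name
  version: '2.3.1',
  dependencies: { lodash: '^4.17.21' },
  scripts: { test: 'node test.js' },
};

for (const f of auditManifest(SUSPICIOUS_MANIFEST)) console.log(JSON.stringify(f));
console.log('hides install-time code:', hidesInstallTimeCode(SUSPICIOUS_MANIFEST));
```

This check catches the manifest-level reference, but it cannot see what the remote URL serves, which is exactly why the report says static analysis alone was evaded; pair it with installing only from an allowlisted registry and with `npm install --ignore-scripts` on CI runners that hold the tokens listed above.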