Talk: Malware in the gist: How malicious packages on npm bypass existing security tools

11:00-11:30 PDT Saturday | Aug 9^th2025
DEF CON Creator Stage 4 (Room 228) | Las Vegas Convention Center
Adversary Automation

npm is owned by Microsoft and is the world’s largest software registry. It hosts nearly 5 million packages and 4.5 trillion requests for packages were made to npm in 2024. The open and accessible nature of npm is one of its main features, but its also one of the reasons that threat actors are attracted to it. A recent study by Sonatype found that 98.5% of malicious software packages are hosted and delivered via npm.

This technical deep-dive will explain why npm is so good at delivering malware; expose how threat actors are using npm; and why existing security tools like SCA, SAST, EDR and anti-virus solutions will not protect you from npm based malware.

Key Topics:

• Technical analysis of how attackers leverage npm's unique characteristics (namespace claiming, pre/post install scripts, package name recycling) to deliver successful malware
• Why existing security solutions like SCA, SAST, EDR and anti-virus won’t find npm based malware
• Comparative analysis of attack patterns across different threat actors (researchers, crypto thieves, criminal APTs, nation-states)
• Introduction to OSV, GHSA and other resources to help your teams stay informed about new malcious packages

Target Audience:

This talk is aimed at security researchers, threat hunters, and defenders responsible for securing the software supply chain. Attendees will gain practical insights into detecting and defending against package-based malware that evades conventional security controls.

Why This Talk?

While binary malware analysis is well understood, package-based malware presents unique challenges. This talk fills a critical knowledge gap by providing detailed technical analysis of real-world attacks and practical defensive strategies for an increasingly important threat vector.

1. Software package malware is different from typical binary based malware
   1. No binary to detect on or reverse engineer. Hashing is useless.
   2. Javascript packages use hundreds or thousands of transitive dependencies. Dynamic loading of JS via CDNs or lazy loading adds to the complexity.
   3. Uses Javascript native functionality and can run 100% in browser. This lets bad guys target browser behaviour directly
   4. Sandboxing is difficult. Depending on malware you need different sandboxing. Most sandboxes like Joes, any.run, Triage won’t find Javascript based malware.
2. What makes bad guys target npm? What are the specific reasons that make it such a common target for malware?
   1. Namespace can be claimed by anyone
   2. Pre and post install scripts deliver RCE by design
   3. You can reclaim package names once they’ve been removed
   4. The Javascript ethos of “everything is a small library”
3. Types of attackers. “Ecosystem of malicious software peddlers”
   1. Researchers:
   2. Crypto theft - usually on import (i.e., actually doing the thing its supposed to)
   3. Criminal APTs
   4. Nation state actors
4. How do existing security tools address malicious Javascript packages?
   1. EDR doesn’t detect it, nor does IDS. Explain why it doesn’t
   2. Explain how SCA (or SAST/other tools) works and why it doesn’t detect malware in packages.
   3. Lack of telemetry, TTPs, IOCs, etc. Most of the detection data comes from a relatively small group of researchers, including me. Other companies are doing the research, but not sharing it with the public.
5. npm package malware resources for red teams/researchers
   1. Special domains
   2. Building publisher clout == better adoption
   3. GOAT list for package based malware
6. npm package malware resources for defenders
   1. osv.dev
   2. GitHub security advisory
   3. Hosting your own npm registry
   4. Software supply chain firewalls