New Supply Chain Attack Targets Legitimate npm Package with 45,000 Weekly Downloads

A sophisticated supply chain attack targeting the popular npm package ‘rand-user-agent’ was discovered on May 5, 2025.

The compromise affects a legitimate JavaScript library used to generate randomized user-agent strings for web scraping operations, inserting malicious code that establishes remote access capabilities on infected systems.

Security researchers detected suspicious code in version 1.0.110 of the package, which was published without authorization from the original maintainers at WebScrapingAPI.

The attack is particularly concerning given that ‘rand-user-agent’ averages approximately 45,000 weekly downloads, creating a wide potential attack surface across development environments.

The package remained uncompromised for years until this recent incident, with the last legitimate version (2.0.82) published seven months ago according to the official GitHub repository.

Three malicious versions have since appeared on the npm registry: 2.0.83, 2.0.84, and 1.0.110.

Aikido Push researchers identified the malware through their automated analysis pipeline, noting how attackers concealed their code by hiding it beyond the normal horizontal scroll view in the package’s distribution files.

Upon analysis, the malicious payload was identified as a sophisticated Remote Access Trojan (RAT) dubbed “RATatouille” due to its capability to hide among legitimate code while establishing persistence.

The embedded malware constructs covert communication channels with command-and-control infrastructure at 85.239.62[.]36, using both port 3306 for socket connections and port 27017 for file exfiltration.

Upon execution, the RAT reports system information including hostname, username, operating system type, and process ID to its operators.

Security analysis reveals the malware versions attempt to evade detection by employing multiple layers of obfuscation and establishing a hidden node_modules directory in the user’s home folder to store additional malicious components.

Technical Analysis of Infection Mechanism

The RAT employs a sophisticated installation technique, dynamically importing dependencies like ‘socket.io-client’ and ‘axios’ if they aren’t present.

It modifies module paths to ensure these dependencies load from its custom node_modules directory rather than the project’s legitimate one.

This approach allows the malware to operate independently of the project’s dependency structure.

One particularly concerning capability is the Windows-specific PATH hijack targeting Python installations.

The malware prepends a non-standard Python directory to the system PATH:-

const Y = path. Join(
  process.env.LOCALAPPDATA || path.join(os.homedir(), 'AppData', 'Local'),
  'Programs\Python\Python3127'
)
env.PATH = Y + ';' + process.env.PATH

This PATH manipulation allows attackers to execute malicious binaries whenever a Python-related command is triggered, effectively hijacking legitimate Python operations.

The malware hides its code in the distribution file by placing it beyond the visible area of code editors.

Organizations using any version of rand-user-agent published after October 2024 should immediately check for indicators of compromise, particularly unauthorized network connections to the identified C2 infrastructure and unexpected modifications to Python environment paths.

Are you from the SOC and DFIR Teams? – Analyse Real time Malware Incidents with ANY.RUN -> Start Now for Free.