rand-user-agent
rand-user-agent Package Hijacked With RAT
Attackers compromised the maintainer's npm account and published malicious versions of the rand-user-agent package. The compromised versions contained obfuscated code that installed a Remote Access Trojan (RAT), which established a connection to a command-and-control server. The malware could execute arbitrary commands, upload files from victims' machines, and modify the PATH environment variable to hijack Python execution.
- Date: 2025-05-05
- Category: Open Source
- Target Surface: Package registry
- Insertion Phase: distribution
- Impact: Backdoor
- Cause: Compromised Account/Credentials
What Was Affected
- Package: rand-user-agent
- Language: JavaScript
- Component: Library
- Artifact type: source archive
- Domain type: package host
- Domain: npmjs.org
- Repository: github.com/WebScrapingAPI/rand-user-agent
Compromised Versions
Incident Context
- Motive: Unauthorized Access/Control
- Attribution: Individual Hacker
- Transitive: No
- User Impact: 45000
- Observed Duration: 0 days
Evidence
Compromised Artifacts
- registry.npmjs.org/rand-user-agent/-/rand-user-agent-1.0.110.tgz
- registry.npmjs.org/rand-user-agent/-/rand-user-agent-2.0.83.tgz
- registry.npmjs.org/rand-user-agent/-/rand-user-agent-2.0.84.tgz
Current Artifacts and Analysis
Indicators and Changes
Hashes
sha256:4ecdf8ceee1f2345ef9996c15f44eee3f87a1e04baa0fb0f91cc228e699a2873
External References
Source Data
Source record: oss/rand-user-agent/meta.yaml