Threat Intelligence Report

The Package Poisoner: How 2.5 Billion Weekly Downloads Were Compromised in npm's Largest Supply Chain Attack | Koi Blog

📅 September 28, 2025 📰 www.koi.security 🔍 0 CVE(s) referenced

A sophisticated phishing campaign allowed attackers to compromise 18 of npm’s most popular packages—impacting over 2.5 billion weekly downloads—by injecting malware that silently hijacked cryptocurrency transactions across multiple blockchains before the breach was rapidly contained by the developer community.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle