Threat Intelligence Report

The wshu.net npm Campaign Delivers a Multi-Stage Infostealer

📅 June 23, 2026 📰 safedep.io 🔍 0 CVE(s) referenced

A coordinated npm supply chain attack used 15 seemingly innocuous packages to deliver a highly obfuscated, multi-stage infostealer targeting developer credentials, crypto wallets, cloud tokens, and browser data across multiple platforms, with persistence and stealth tactics that evade typical detection.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle