Threat Intelligence Report

Five npm Packages That Hide a Windows Binary Dropper

📅 June 17, 2026 📰 safedep.io 🔍 0 CVE(s) referenced

A coordinated npm supply chain attack used five interlinked packages to stealthily deliver and execute arbitrary Windows binaries during installation, evading static detection by splitting malicious logic and disguising payload delivery through obfuscated code and public file hosting.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle