This blog is part of an ongoing series examining the findings in the February 2026 Cyber Threat Intel Report from Cyops. Read the full report here.
Supply chain attacks are no longer edge-case scenarios reserved for nation-state threat briefings. February 2026’s threat data makes it unmistakably clear: attackers are embedding themselves directly into the tools your developers trust every day. If your organization relies on open-source packages (and virtually every modern development environment does), you need to act now.
Researchers uncovered a malicious NPM package called buildrunner-dev designed to mimic legitimate, abandoned packages with similar names — a classic typosquatting play targeting Windows developers. The attack chain is sophisticated and deliberate.
When a developer runs npm install, a hidden post-install script silently triggers a multi-stage infection. What makes this campaign stand out is its use of steganography: key malicious components — including an AMSI bypass and a .NET loader — are concealed within the RGB values of PNG images hosted on public platforms like ImgBB. Once active, the malware uses the fodhelper.exe UAC bypass to escalate privileges without triggering UAC prompts, establishes persistence via the Windows Startup folder, and ultimately deploys the Pulsar Remote Access Trojan (RAT) through process hollowing into legitimate Windows processes.
By the time your endpoint detects anything, the attacker has full control of the compromised system.
If one malicious package weren’t alarming enough, a new self-propagating NPM worm dubbed SANDWORM_MODE was also observed in February. Using typosquatting to impersonate popular utilities, the worm steals NPM tokens, GitHub tokens, environment variables, and cryptographic keys upon installation — then uses those stolen credentials to poison further repositories and continue spreading.
Known malicious packages include: claud-code@0.2.1, cloude-code@0.2.1, cloude@0.3.0, suport-color@0.1.1, veim@2.46.2, and others. This is a self-amplifying threat. Every compromised developer environment becomes a new vector.
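Both campaigns above share two indicators a defender can check for before a package ever runs: a dependency that matches a known-malicious name@version, and a dependency that registers an install-time lifecycle script. The following is an added example, not Cynet's or CyOps' tooling; it audits the "packages" map of an npm lockfile (v2/v3, where npm records hasInstallScript for packages with preinstall/install/postinstall hooks), flags the package identifiers this report lists, and adds a crude lookalike check against an allowlist of packages the project is actually expected to use. The lockfile and the allowlist below are constructed for the demo.

```javascript
// Known-malicious identifiers taken from the report above. The
// buildrunner-dev entry is matched by name alone since no version was given.
const KNOWN_MALICIOUS_IDS = new Set([
  "claud-code@0.2.1", "cloude-code@0.2.1", "cloude@0.3.0",
  "suport-color@0.1.1", "veim@2.46.2",
]);
const KNOWN_MALICIOUS_NAMES = new Set(["buildrunner-dev"]);

// Levenshtein distance, used to spot typosquats of allowlisted names.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++)
    for (let j = 1; j <= b.length; j++)
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                         d[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
  return d[a.length][b.length];
}

// `packages` is the "packages" object of a package-lock.json (v2/v3):
// keys look like "node_modules/<name>", values carry version and,
// when the package has install hooks, hasInstallScript: true.
function auditLockfile(packages, expectedNames) {
  const findings = [];
  for (const [path, meta] of Object.entries(packages)) {
    if (!path.startsWith("node_modules/")) continue;   // skip the root project entry
    const name = path.split("node_modules/").pop();   // last segment handles nesting
    const version = meta.version;
    const report = (reason) => findings.push({ name, version, reason });
    if (KNOWN_MALICIOUS_IDS.has(`${name}@${version}`) || KNOWN_MALICIOUS_NAMES.has(name))
      report("known-malicious");
    if (meta.hasInstallScript) report("install-hook");   // code runs on npm install
    for (const good of expectedNames) {
      const dist = editDistance(name, good);
      if (dist > 0 && dist <= 2) report(`lookalike-of:${good}`);
    }
  }
  return findings;
}

// Constructed sample lockfile: one legitimate dependency, one typosquat named
// in the report, one buildrunner-dev install (version is made up), one clean package.
const SAMPLE_LOCK = {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/supports-color": { version: "9.4.0" },
  "node_modules/suport-color": { version: "0.1.1", hasInstallScript: true },
  "node_modules/buildrunner-dev": { version: "1.0.2", hasInstallScript: true },
  "node_modules/chalk": { version: "5.3.0" },
};
const EXPECTED_NAMES = ["supports-color", "chalk"];   // assumed project allowlist

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK, EXPECTED_NAMES), null, 2));
```

Treat install-hook findings as a review queue rather than a verdict: many legitimate native modules declare postinstall scripts, so the useful signal is a hook on a package that is also new, unexpected, or a lookalike of something you already depend on.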

The Notepad++ supply chain compromise — attributed to the state-sponsored Lotus Blossom threat group — adds another layer of urgency. Between June and December 2025, the group compromised Notepad++’s shared hosting infrastructure to intercept and redirect update server traffic, delivering Cobalt Strike beacons to unsuspecting users across cloud hosting, energy, financial, government, manufacturing, and software development sectors worldwide.
The fix: Notepad++ has since released version 8.9.1 with enhanced security mechanisms and migrated to a new hosting provider.
The threats outlined above require immediate action. For development and security teams:
The supply chain is one of the most reliable attack surfaces adversaries have precisely because defenders tend to trust it. That trust needs to be earned, verified, and continuously re-evaluated. Don’t wait for a breach to find out which packages you should have been watching.