malware npm

@needl-ai/common

discovered 2026-04-10

@needl-ai/common is identified in the SafeDep analysis "Malicious npm Dependency Confusion Campaign Targets Genoma UI and Others". A dependency confusion campaign by npm user victim59 targets at least three organizations through scoped packages @genoma-ui/components, @needl-ai/common, and rrweb-v1. The packages use install hooks to beacon system reconnaissance data to a DigitalOcean C2 server.

more…

Threat types

c2_agent dependency_confusion

Malicious versions

999.9.9

Campaigns

Enterprise Dependency Confusionattributed-to

Indicators

domain 64.227.183.144communicates-with
ipv4 64.227.183.144communicates-with
email victim59@proton.meexfiltrates-to

Techniques

ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttp T1059.007 Command and Scripting Interpreter: JavaScriptuses
ttp T1036 Masqueradinguses
ttp T1105 Ingress Tool Transferuses
ttp T1071.001 Application Layer Protocol: Web Protocolsuses
ttp T1546 Event Triggered Executionuses

Read the full analysis →