malware npm

exiouss

discovered 2026-05-01

exiouss is identified in the SafeDep analysis "exiouss: Cookie Stealer Bundled in npm Exam Cheat". exiouss on npm is the latest package from the loltestpad campaign — the same attacker who published the ixpresso-core Windows RAT in April. It bundles a dormant ChatGPT cookie stealer alongside an AI exam cheating tool, targeting students who willingly run it.

more…

Threat types

credential_stealer data_exfiltration rat persistence

Malicious versions

1.0.0

Campaigns

fucktestpad npm Malwareattributed-to

Indicators

sha256 e2fda5aa8397799669f29258f69e803cf05d322c1d93269eef6754ca024c3865indicates
email fucktestpad@opemails.comexfiltrates-to

Techniques

ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttp T1059.007 Command and Scripting Interpreter: JavaScriptuses
ttp T1552.001 Unsecured Credentials: Credentials In Filesuses
ttp T1041 Exfiltration Over C2 Channeluses
ttp T1539 Steal Web Session Cookieuses
ttp T1105 Ingress Tool Transferuses
ttp T1071.001 Application Layer Protocol: Web Protocolsuses
ttp T1546 Event Triggered Executionuses

Read the full analysis →