malware npm
mgc
discovered 2026-04-03
mgc is identified in the SafeDep analysis "Compromised npm Package mgc Deploys Multi-Platform RAT". The npm package mgc was compromised via account takeover, with four malicious versions published in rapid succession deploying a full Remote Access Trojan targeting macOS, Windows, and Linux.
Threat types
rat credential_stealer data_exfiltration persistence c2_agent
Malicious versions
- 1.2.1
- 1.2.2
- 1.2.3
- 1.2.4
Campaigns
Indicators
- domain admondtamang.com.np (communicates-with)
- domain gist.github.com (communicates-with)
- domain gist.githubusercontent.com (communicates-with)
- sha256 40aa5d412a50db79a814ac5ad65237745727cb4777843d66a760f64285a5a3e6 (indicates)
- sha1 1c5d51c2002f452a4dd58a1a73a9dd90a7fe0297 (indicates)
- md5 814132e794e5d007e9b8ebd223a9494f (indicates)
- md5 0c0fc7a0c23cdb5e1c8f66b208053ed6 (indicates)
- email admondtamang@gmail.com (exfiltrates-to)
Techniques
- ttp T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- ttp T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- ttp T1552.001 Unsecured Credentials: Credentials In Files (uses)
- ttp T1041 Exfiltration Over C2 Channel (uses)
- ttp T1528 Steal Application Access Token (uses)
- ttp T1105 Ingress Tool Transfer (uses)
- ttp T1071.001 Application Layer Protocol: Web Protocols (uses)
- ttp T1102 Web Service (uses)
- ttp T1546 Event Triggered Execution (uses)
