A widely-used npm package, rand-user-agent, has fallen victim to a supply chain attack, where cybercriminals injected obfuscated code designed to install a Remote Access Trojan (RAT) on users’ systems.
Originally developed to generate randomized user-agent strings—helpful in web scraping, automation, and cybersecurity research—the package was deprecated but remained in use, logging approximately 45,000 downloads per week.
Security experts at Aikido uncovered the compromise on May 5, 2025, when their malware detection tools flagged version 1.0.110 of rand-user-agent. A deeper investigation revealed hidden malicious code in the dist/index.js file. This code was deliberately obscured and only viewable with horizontal scrolling on the npm website.
Researchers confirmed that the last legitimate release was version 2.0.82, uploaded seven months ago. The malicious code appeared in unauthorized versions 2.0.83, 2.0.84, and 1.0.110, none of which corresponded with updates on the project's GitHub repository—an indicator of foul play.
Once installed, the malicious versions create a hidden directory in the user’s home path (~/.node_modules) and modify the module loading path to prioritize this directory. They then load specific dependencies such as axios and socket.io-client, and establish a persistent connection to the attacker’s command and control (C2) server at http://85.239.62[.]36:3306.
Through this connection, the attacker retrieves critical system data—such as hostname, OS type, username, and a generated UUID. Once activated, the RAT listens for the following commands:
- cd <path>: Change directory
- ss_dir: Reset directory to script path
- ss_fcd:<path>: Force change to a new directory
- ss_upf:f,d: Upload single file
- ss_upd:d,dest: Upload all files in a directory
- ss_stop: Stop ongoing upload
- Any other input is executed via child_process.exec()
Currently, the malicious versions have been removed from the npm repository. Developers are urged to revert to the latest clean version. However, users who installed versions 2.0.83, 2.0.84, or 1.0.110 are advised to run a full malware scan, as downgrading the package does not eliminate the RAT.
For continued use, it’s recommended to switch to a forked and actively maintained alternative of rand-user-agent.
The original developer responded to BleepingComputer with the following statement:
“On 5 May 2025 (16:00 UTC) we were alerted that three unauthorized versions of rand-user-agent had been published to the npm registry (1.0.110, 2.0.83, 2.0.84). The malicious code was never present in our GitHub repository; it was introduced only in the npm artifacts, making this a classic supply-chain attack.
Our investigation (still ongoing) shows that the adversary obtained an outdated automation token from an employee and used it to publish releases to npm. That token had not been scoped with 2-factor authentication, allowing the attacker to: Publish versions that did not exist in GitHub, Increment the version numbers to appear legitimate, Deprecate nothing, hoping the new releases would propagate before anyone noticed.
There is no evidence of a breach in our source-code repository, build pipeline, or corporate network. The incident was limited to the npm registry.
We apologize to every developer and organization impacted by this incident. Protecting the open-source ecosystem is a responsibility we take seriously, and we are committed to full transparency as we close every gap that allowed this attack to occur.”
