TL;DR

Three malicious versions of node-ipc (~822K weekly downloads) were published to npm on 2026-05-14: 9.1.6, 9.2.3, and 12.0.1, each carrying an identical ~80 KB obfuscated payload that exfiltrates 90+ categories of credentials. node-ipc is a transitive dependency in countless build toolchains — you can be affected without ever installing it directly.

What happened

Three malicious versions were published within minutes of each other. The malware lives only in node-ipc.cjs, appended as an IIFE after the legitimate module.exports — making it easy to miss in a casual diff.

Payload behavior: - Harvests AWS, Azure, GCP credentials, SSH keys, Kubernetes tokens, GitHub CLI configs, Claude AI / Kiro IDE settings, Terraform state, DB passwords, shell history (90+ categories). - Exfiltrates over DNS (UDP/53) to an attacker-controlled server — a covert channel that bypasses many egress-allowlist setups. - Uses temporary directories matching $TMPDIR/nt-*. - Child processes set env flag __ntw=1.

Am I affected?

# Show every node-ipc version anywhere in your tree
npm ls node-ipc --all

# Specifically check for the three bad versions
npm ls node-ipc --all | grep -E '9\.1\.6|9\.2\.3|12\.0\.1'

IOCs

Type Value
Malicious versions node-ipc@9.1.6, node-ipc@9.2.3, node-ipc@12.0.1
npm shasum (12.0.1) fe5d107b9d285327af579259a32977c4f475fa26
C2 domain sh.azurestaticprovider[.]net
C2 IP 37.16.75[.]69
Exfil channel DNS UDP/53
Temp dir pattern $TMPDIR/nt-*
Process env flag __ntw=1
Forensic marker Every file in malicious tarball timestamped 1985-10-26
Publisher account atiertant (a.tiertant@atlantis-software[.]net) — not a prior maintainer
# Lockfile spot-check
grep -E '"node-ipc".*"(9\.1\.6|9\.2\.3|12\.0\.1)"' package-lock.json yarn.lock pnpm-lock.yaml 2>/dev/null

# Tarball forensic marker
find ~/.npm ~/.cache -name "node-ipc-*.tgz" -exec sh -c 'tar -tvf "$1" 2>/dev/null | grep "1985"' _ {} \;

# Egress / process artifacts
ps eww | grep "__ntw=1"
ls -la "${TMPDIR:-/tmp}"/nt-* 2>/dev/null

If any malicious version was on a dev machine or CI runner, treat the host as compromised.

If you are affected

playbooks/if-you-installed-a-bad-npm-package.mdplaybooks/if-your-npm-token-leaked.mdplaybooks/rotating-cloud-credentials.md

Prevention

prevention/npm-hardening.md--ignore-scripts, lockfile pinning, Socket → prevention/agent-sandboxing.md — run npm install inside a container

Sources