BleepingComputer reports that 88 malicious npm packages impersonating Babel, GraphQL Codegen, and other established projects have facilitated data theft from JavaScript developers as part of three new waves of the PhantomRaven attack campaign from November 2025 to February 2026.

Installation of the illicit packages, most of which could still be downloaded from the npm registry, automatically downloads and executes malware that exfiltrates emails from .npmrc, .gitconfig, and environment variables; GitHub, GitLab, CircleCI, and Jenkins CI/CD tokens; and system details, according to an Endor Labs analysis. While PhantomRaven's infrastructure has been consistent since the initial attacks in August, with the payload remaining mostly unchanged, attackers have moved to rotate npm and email accounts, alter npm package metadata and PHP endpoints, and escalate the frequency of malicious package publication in more recent waves.

The persistent threat of PhantomRaven should prompt developers to be more discerning about the packages they download, as well as to avoid AI chatbot-suggested packages.
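One way to vet what a project pulls in, as an added example that is not from the report or from Endor Labs: a Node.js audit of a `package-lock.json` (lockfile v2/v3) that flags dependencies able to run code at install time or fetched from outside the npm registry. It assumes the automatic execution relies on npm lifecycle scripts, which the page does not detail; `auditLockfile`, the allowlist, and the sample lockfile are constructed for illustration.

```javascript
// Added example (not from the report). Flags lockfile entries that can run
// code during `npm install` or that were not fetched from the public registry.
const REGISTRY_PREFIX = "https://registry.npmjs.org/";

function auditLockfile(lock, allowedScripts = new Set()) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "" || meta.link) continue; // skip root project and workspace links
    const idx = path.lastIndexOf("node_modules/");
    const name = idx === -1 ? path : path.slice(idx + "node_modules/".length);
    const reasons = [];
    // npm sets hasInstallScript when a package declares preinstall/install/postinstall.
    if (meta.hasInstallScript && !allowedScripts.has(name)) reasons.push("install-script");
    // A tarball pulled from an arbitrary URL bypasses registry-side review and takedown.
    if (typeof meta.resolved === "string" && !meta.resolved.startsWith(REGISTRY_PREFIX)) {
      reasons.push("non-registry-source");
    }
    if (reasons.length > 0) findings.push({ name, version: meta.version, reasons });
  }
  return findings;
}

// Constructed sample lockfile: every package name and URL here is hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-native-addon": {
      version: "2.1.0", hasInstallScript: true,
      resolved: "https://registry.npmjs.org/example-native-addon/-/example-native-addon-2.1.0.tgz",
    },
    "node_modules/example-codegen-helper": {
      version: "1.0.0", hasInstallScript: true,
      resolved: "https://registry.npmjs.org/example-codegen-helper/-/example-codegen-helper-1.0.0.tgz",
    },
    "node_modules/example-remote-dep": {
      version: "1.0.0", resolved: "http://packages.example.invalid/example-remote-dep.tgz",
    },
    "node_modules/example-utils": {
      version: "3.0.0",
      resolved: "https://registry.npmjs.org/example-utils/-/example-utils-3.0.0.tgz",
    },
  },
};

// Packages whose install scripts have already been reviewed (assumed allowlist).
const reviewed = new Set(["example-native-addon"]);
for (const f of auditLockfile(sampleLock, reviewed)) {
  console.log(`${f.name}@${f.version}: ${f.reasons.join(", ")}`);
}
```

Installing with `npm ci --ignore-scripts` keeps lifecycle scripts from running while flagged entries are reviewed.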
Supply chain, Malware
Dozens of info-stealing npm packages spread in new PhantomRaven attack waves




