
In September 2025, the Node Package Manager (NPM) ecosystem was targeted by a series of sophisticated supply chain attacks, with one campaign employing a notably creative method of obfuscation. The malicious package ‘fezbox’ was discovered using QR code steganography to hide a second-stage payload designed to harvest cookies and credentials from a user’s web browser [1]. This incident occurred alongside two other significant attacks: the widespread “Shai-Hulud” wormable malware and a crypto-stealing campaign targeting popular packages, highlighting a period of intense pressure on open-source software security [2].
Summary for Security Leadership
The discovery of the ‘fezbox’ package represents an evolution in attacker techniques aimed at evading automated security scanners. Unlike traditional malware that embeds malicious code directly, ‘fezbox’ used a multi-stage process where the harmful payload was concealed within the pixels of a QR code image fetched from a remote server. This steganographic approach demonstrates a clear intent to bypass static analysis tools that scan code for known malicious patterns. The primary risk is the theft of sensitive authentication data stored in browser cookies, which could lead to account compromise and unauthorized access to web applications.
Key Points:
- Attack Vector: A malicious NPM package posing as a utility library.
- Technique: QR code steganography to hide and deliver a cookie-stealing payload.
- Primary Risk: Theft of user credentials and session cookies from web browsers.
- Context: Part of a broader wave of NPM supply chain attacks in September 2025, including the self-replicating “Shai-Hulud” worm and a crypto-jacking campaign.
Technical Analysis of the fezbox Package
The ‘fezbox’ package was designed to appear as a benign utility library, a common tactic to encourage adoption by developers. Upon installation, the package’s code would wait for 120 seconds before initiating its malicious routine [1]. This delay is a simple yet effective evasion tactic, potentially allowing the package to avoid detection in automated sandbox environments that may not monitor for prolonged periods. The core of its operation involved fetching a QR code image from a URL hosted on `cloudinary[.]com`, a legitimate content delivery network, which further helped to disguise the malicious network traffic.
The malicious JavaScript payload was not present in the package’s source code during initial static analysis. Instead, it was embedded within the QR code image itself. The package contained a decoder function that would extract and execute the hidden JavaScript from the image data. This method of using steganography for code obfuscation in an NPM package is a significant development. Researchers at Socket.dev noted the clever use of this technique, stating it shows “threat actors will continue to use any and all tools at their disposal” to avoid detection [1]. The extracted payload then focused on harvesting username and password values from the browser’s cookies and exfiltrating them to an attacker-controlled server at `my-nest-app-production.up.railway.app`.
Operational Security and Evasion Tactics
The attackers behind ‘fezbox’ implemented several layers of obfuscation to complicate analysis. The URL used to fetch the QR code was stored in a reversed format, so a simple string-reversal step was needed before it could be read. Within the payload, strings were also reversed—for example, using “drowssap” instead of “password”—and Unicode escape sequences were employed [1]. These are basic obfuscation methods but effective against casual inspection.
Perhaps more interesting was the inclusion of an environmental check. The code attempted to detect if it was running in a development environment by checking for a variable like `isDevelopment`. Furthermore, the malicious logic was programmed to execute only two out of every three times in non-development environments [1]. This probabilistic execution is a sophisticated anti-analysis measure designed to create inconsistent behavior during dynamic analysis, making it harder for security researchers to reliably trigger and observe the malware’s full functionality in a controlled setting.
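The evasion markers described in this section (reversed URL and field-name strings, Unicode escapes, dynamic code execution, a long start-up delay, and execution gated on a random draw) are each cheap to detect in source once you know to look for them. The following Node.js script is an added example written for this report; it is not code from the fezbox package or from Socket.dev. It implements a heuristic indicator scanner over package source text. `SAMPLE_SOURCE` is a constructed fixture using a placeholder hostname (`cdn.example.com`), and the thresholds (`SUSPICIOUS_DELAY_MS`, `UNICODE_ESCAPE_THRESHOLD`) and the function names are choices made here, not values taken from any real tool.

```javascript
// Added example, not code from the fezbox package or from Socket.dev: a heuristic
// scanner for the obfuscation and evasion markers described in the text.
// SAMPLE_SOURCE below is a constructed fixture with a placeholder hostname.
const SUSPICIOUS_DELAY_MS = 60000;          // flag execution deferred by a minute or more
const UNICODE_ESCAPE_THRESHOLD = 8;         // flag heavy use of \uXXXX escapes in source
const SENSITIVE_KEYWORDS = ['password', 'username', 'cookie', 'token'];
const URL_RE = /^https?:\/\/[a-z0-9.-]+/i;

// Decode \uXXXX escapes so the rules below (and an analyst) see the plain text.
function unescapeUnicode(s) {
  return s.replace(/\\u([0-9a-fA-F]{4})/g, (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

function reverseString(s) {
  return Array.from(s).reverse().join('');
}

// Collect the raw contents of single-line string literals ('...', "...", `...`).
// Good enough for indicator hunting; it is not a JavaScript parser.
function stringLiterals(src) {
  const re = /(["'`])((?:\\.|(?!\1)[^\\\n])*)\1/g;
  const out = [];
  let m;
  while ((m = re.exec(src)) !== null) out.push(m[2]);
  return out;
}

// Returns a list of { rule, detail } findings for one source file's text.
function scanSource(src) {
  const findings = [];
  const literals = stringLiterals(src).map(unescapeUnicode);

  for (const lit of literals) {
    const rev = reverseString(lit);
    // A literal that is not a URL, but becomes one when reversed.
    if (!URL_RE.test(lit) && URL_RE.test(rev)) {
      findings.push({ rule: 'reversed-url', detail: rev });
    }
    // "drowssap"-style reversed field names.
    if (SENSITIVE_KEYWORDS.includes(rev.toLowerCase())) {
      findings.push({ rule: 'reversed-keyword', detail: rev.toLowerCase() });
    }
  }

  // Dense \uXXXX escapes in the raw source text.
  const escapes = (src.match(/\\u[0-9a-fA-F]{4}/g) || []).length;
  if (escapes >= UNICODE_ESCAPE_THRESHOLD) {
    findings.push({ rule: 'unicode-escapes', detail: `${escapes} escapes` });
  }

  // Code built at runtime and executed.
  if (/\beval\s*\(|\bnew\s+Function\s*\(/.test(src)) {
    findings.push({ rule: 'dynamic-eval', detail: 'eval() or new Function()' });
  }

  // Work deferred long enough to outlast a short sandbox run.
  const delayRe = /setTimeout\s*\([\s\S]*?,\s*(\d+)\s*\)/g;
  let d;
  while ((d = delayRe.exec(src)) !== null) {
    const ms = Number(d[1]);
    if (ms >= SUSPICIOUS_DELAY_MS) findings.push({ rule: 'long-delay', detail: `${ms} ms` });
  }

  // Behaviour that changes from run to run defeats naive dynamic analysis.
  if (/Math\.random\s*\(\s*\)\s*[<>]=?\s*[\d.]+/.test(src)) {
    findings.push({ rule: 'random-gating', detail: 'execution conditioned on Math.random()' });
  }

  return findings;
}

// Constructed fixture: the same shapes of indicator the text describes, with a
// placeholder hostname and no working payload. Not the real package's code.
const SAMPLE_SOURCE = String.raw`
const u = "gnp.edoc-rq/tnetnoc/moc.elpmaxe.ndc//:sptth";
const k = "\u0064rowssap";
const j = "\u0065\u006d\u0061\u006e\u0072\u0065\u0073\u0075";
setTimeout(() => {
  if (!globalThis.isDevelopment && Math.random() < 0.66) {
    new Function(decodeFromImage(u))();
  }
}, 120000);
`;

for (const f of scanSource(SAMPLE_SOURCE)) {
  console.log(`${f.rule.padEnd(18)} ${f.detail}`);
}
```

No single rule here is proof of malice (plenty of legitimate code uses `setTimeout` or `new Function`), so the value is in the combination: a package whose only network endpoint is a reversed string, whose field names are reversed, and whose main routine runs late and only sometimes, deserves a human look before it ships.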
Broader Threat Landscape: September 2025 NPM Attacks
The ‘fezbox’ incident was not an isolated event. It occurred during a month marked by two other major supply chain attacks. The “Shai-Hulud” campaign, disclosed around September 15-16, was a wormable attack that compromised over 187 packages by using stolen NPM tokens to hijack and republish them with malicious code [2]. This malware used the legitimate secret-scanning tool TruffleHog to harvest credentials from infected systems and exfiltrated data to a public GitHub repository.
Earlier in the month, a separate attack involved the account takeover of a maintainer via a phishing email. The attackers published malicious versions of 18 highly popular packages, including `chalk` and `debug`, which collectively see over 2.6 billion weekly downloads [3]. This malware operated in the browser, intercepting cryptocurrency transactions and replacing the destination wallet address with one controlled by the attacker. The diversity of these attacks—from credential theft and self-replication to financial fraud and steganography—demonstrates the wide range of threats facing the software supply chain.
Detection and Mitigation Strategies
For organizations relying on open-source dependencies, these attacks underscore the need for a multi-layered defense strategy. Relying solely on vulnerability scanners that use signature-based detection is insufficient against novel obfuscation techniques like those used by ‘fezbox’. Security teams should consider tools that perform behavioral analysis and monitor for suspicious network activity, such as connections to newly registered domains or unexpected data exfiltration.
Several practical steps can reduce risk. Using lockfiles (`package-lock.json`) and pinning dependency versions to specific releases prevents automatic installation of new, potentially malicious versions. In continuous integration/continuous deployment (CI/CD) pipelines, using the `npm install --ignore-scripts` command can neutralize threats that rely on post-install scripts to execute [2]. For maintainers, enabling strong, phishing-resistant multi-factor authentication (MFA) like hardware security keys is critical to preventing account takeovers. As noted by experts, “phishing, if done right, can successfully target even technically more competent employees like developers” [2].
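Two of the controls above, exact version pinning and disabling install-time scripts, can be checked mechanically before a build runs. The Node.js script below is an added example written for this report, not code from npm or from any project named here. It audits a `package.json` object for dependency specs that are not exact versions and reads a `.npmrc` for the `ignore-scripts=true` setting, which is the configuration-file form of the `--ignore-scripts` flag. `SAMPLE_MANIFEST`, `WEAK_NPMRC` and `HARDENED_NPMRC` are constructed fixtures with placeholder package names; the function names are choices made here.

```javascript
// Added example, not from npm or any project discussed on the page: a CI policy
// check for exact version pins and ignore-scripts. The fixtures are constructed.
const EXACT_SEMVER = /^\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?(?:\+[0-9A-Za-z.-]+)?$/;
const DEPENDENCY_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Any spec that is not an exact version (caret/tilde ranges, dist-tags such as
// "latest", git or file URLs) lets a later install pull a version nobody reviewed.
function unpinnedDependencies(manifest) {
  const out = [];
  for (const field of DEPENDENCY_FIELDS) {
    for (const [name, spec] of Object.entries(manifest[field] || {})) {
      if (!EXACT_SEMVER.test(String(spec))) out.push({ field, name, spec });
    }
  }
  return out;
}

// Minimal .npmrc reader: key=value lines, '#' or ';' comments. Returns true only
// when ignore-scripts=true is in effect, i.e. lifecycle scripts will not run on install.
function npmrcIgnoresScripts(npmrcText) {
  let ignores = false;
  for (const raw of npmrcText.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#') || line.startsWith(';')) continue;
    const eq = line.indexOf('=');
    if (eq === -1) continue;
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim().toLowerCase();
    if (key === 'ignore-scripts') ignores = value === 'true';   // last assignment wins
  }
  return ignores;
}

// Combine the checks into a verdict a CI job can gate on.
function ciPolicyReport(manifest, npmrcText, hasLockfile) {
  const problems = [];
  if (!hasLockfile) problems.push('no package-lock.json committed');
  if (!npmrcIgnoresScripts(npmrcText)) problems.push('ignore-scripts is not enabled in .npmrc');
  for (const dep of unpinnedDependencies(manifest)) {
    problems.push(`${dep.field}: ${dep.name}@${dep.spec} is not pinned to an exact version`);
  }
  return { ok: problems.length === 0, problems };
}

// Constructed fixture with placeholder package names.
const SAMPLE_MANIFEST = {
  name: 'internal-dashboard',
  dependencies: {
    'example-date-util': '^1.4.0',    // caret range: any 1.x.y >= 1.4.0
    'example-logger': '2.0.1',        // exact pin
    'example-charts': 'latest',       // dist-tag: whatever is newest at install time
  },
  devDependencies: {
    'example-linter': '~8.1.0',       // tilde range
  },
};

// Constructed .npmrc contents: the weak one still runs install scripts.
const WEAK_NPMRC = 'save-exact=true\n';
const HARDENED_NPMRC = '# CI settings\nsave-exact=true\nignore-scripts=true\n';

const report = ciPolicyReport(SAMPLE_MANIFEST, WEAK_NPMRC, true);
for (const p of report.problems) console.log('FAIL:', p);
console.log(report.ok ? 'policy passed' : `policy failed with ${report.problems.length} problem(s)`);
```

The `save-exact=true` line in the fixtures makes `npm install` write exact versions into `package.json` instead of caret ranges, so new dependencies start out pinned; pairing that with a committed lockfile and `npm ci` (which refuses to proceed when the lockfile and manifest disagree) closes most of the gap this section describes.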
Conclusion
The ‘fezbox’ package campaign is a notable example of the increasing sophistication of software supply chain attacks. The use of QR code steganography moves beyond simple code obfuscation, leveraging an external image to hide a payload and thereby defeating many conventional static analysis tools. When viewed alongside the simultaneous “Shai-Hulud” and crypto-stealing attacks, it paints a picture of a threat landscape where attackers are rapidly experimenting with and deploying diverse techniques. This series of events serves as a reminder that security requires continuous vigilance, robust processes for dependency management, and defense-in-depth strategies that can adapt to evolving threats.
References
[1] “Malicious ‘fezbox’ NPM package steals browser passwords from cookies via innovative QR code,” Socket.dev, Sep. 2025. [Online]. Available: https://socket.dev/blog/malicious-fezbox-npm-package-steals-browser-passwords-from-cookies-via-innovative-qr-code
[2] “Security advisory: NPM packages using secret-scanning tools to steal credentials,” Semgrep, Sep. 2025. [Online]. Available: https://semgrep.dev/blog/2025/security-advisory-npm-packages-using-secret-scanning-tools-to-steal-credentials
[3] “NPM Supply Chain Attack: Crypto-Stealing Malware,” SOCRadar, Sep. 2025. [Online]. Available: https://socradar.io/npm-supply-chain-attack-crypto-stealing-malware/