Node-ipc npm Package Faces Supply Chain Attack Due to Expired Domain
A significant supply chain attack has been identified involving the node-ipc npm package, a widely used Node.js module. Attackers exploited an expired domain to publish three trojanized versions of the package: 9.1.6, 9.2.3, and 12.0.1. These versions contain an obfuscated 80KB payload designed to steal credentials for various services, including CI/CD tools, cloud services, and AI coding agents. The stolen data is exfiltrated using DNS TXT queries, a channel that lets the attackers avoid traditional HTTP connections. The node-ipc package is a dependency for over 424 projects and receives nearly 700,000 weekly downloads, indicating a potentially vast impact. Users are advised to scan their systems for these compromised versions and treat any stored credentials as compromised.
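
To act on the scanning advice above, the following added example (not from the original article or the node-ipc project) checks a parsed package-lock.json for the three listed versions, covering both the flat `packages` map and the older nested `dependencies` tree. The sample lockfiles and the `some-tool` package name are constructed for illustration.

```javascript
// Versions of node-ipc named in the article as trojanized.
const BAD_NODE_IPC = new Set(["9.1.6", "9.2.3", "12.0.1"]);

// Takes a parsed lockfile, e.g. JSON.parse(fs.readFileSync("package-lock.json", "utf8")),
// and returns every install location that pins a listed node-ipc version.
function findCompromised(lock) {
  const hits = [];
  const check = (name, version, where) => {
    if (name === "node-ipc" && BAD_NODE_IPC.has(version)) hits.push({ name, version, where });
  };
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path; "" is the root project.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path) continue;
      // meta.name is set for aliased installs; otherwise derive the name from the path.
      const marker = "node_modules/";
      const name = meta.name || path.slice(path.lastIndexOf(marker) + marker.length);
      check(name, meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested tree, so transitive copies must be walked recursively.
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = trail ? `${trail} > ${name}` : name;
        check(name, meta.version, where);
        walk(meta.dependencies, where);
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Constructed sample lockfiles: a clean top-level copy plus a listed transitive copy.
const sampleV3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/node-ipc": { version: "10.1.0" },
  "node_modules/some-tool/node_modules/node-ipc": { version: "9.2.3" },
} };
const sampleV1 = { lockfileVersion: 1, dependencies: {
  "node-ipc": { version: "9.1.5" },
  "some-tool": { version: "2.0.0", dependencies: { "node-ipc": { version: "12.0.1" } } },
} };

console.log(findCompromised(sampleV3), findCompromised(sampleV1));
```

A hit in a transitive location means the parent package pulled the version in, so checking only the top-level dependency list is not enough.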