Listen to this Post

Introduction:
The software supply chain has become the battleground of choice for state-sponsored threat actors, and the npm ecosystem continues to be a prime target. In late June 2026, the JFrog Security Research team uncovered a sophisticated cluster of malicious npm packages mimicking legitimate Rollup polyfill tooling, attributed to the notorious North Korean Lazarus Group. This campaign represents an evolution in brandjacking tactics, where attackers don’t just typosquat—they create entire package ecosystems that look, feel, and behave like trusted dependencies, all while deploying credential-stealing and remote-access payloads directly into developer build pipelines.
Learning Objectives:
- Understand the infection chain and staging mechanisms used by Lazarus Group in this npm supply chain attack
- Learn to identify brandjacking techniques including suffix addition, embedding, and version mimicry
- Master detection, investigation, and remediation strategies for malicious npm packages in your development environment
- Gain hands-on knowledge of Linux and Windows commands to audit dependencies and hunt for indicators of compromise
- Implement proactive security controls to prevent similar supply chain compromises
You Should Know:
1. The Infection Chain: How the Malware Operates
The attack begins with two entry-point packages: `rollup-packages-polyfill-core` and rollup-runtime-polyfill-core. These packages are designed to be nearly indistinguishable from the legitimate `rollup-plugin-polyfill-1ode` project, which has approximately 295K weekly downloads. The malicious packages copy the README text, repository metadata, and even the legitimate plugin code—only the CommonJS `dist/index.js` entry point contains the backdoor; the ESM files remain clean.
When a developer imports the package as part of a build or configuration flow, the malicious logic executes at install time. The `rollup-packages-polyfill-core` package contains an obfuscated routine that decodes a Base64 string:
const CMD = Buffer.from("bnBtIGluc3RhbGwgc3dpZnQtcGFyc2Utc3RyZWFtIC0tbm8tc2F2ZSAtLXNpbGVudCAtLW5vLWF1ZGl0IC0tbm8tZnVuZA==", "base64").toString("utf8");
This decodes to: npm install swift-parse-stream --1o-save --silent --1o-audit --1o-fund. The package then requires the newly installed module, retrieves getPlugin(), and invokes the returned function. `rollup-runtime-polyfill-core` follows the same pattern but installs `quirky-token` instead.
The second-stage packages—swift-parse-stream and quirky-token—present themselves as harmless SVG sanitization utilities. However, they fetch a JSON object from JSONKeeper and `eval()` the model field, executing the final payload. A similar pattern was observed with react-icon-svgs, which installed `rollup-plugin-polyfill-connect` as a second stage.
Step-by-Step Guide to Understanding the Infection:
- Entry Point Installation: Developer runs `npm install rollup-packages-polyfill-core` or `rollup-runtime-polyfill-core`
2. Import-Time Execution: When the package is imported, the `ValidateSvgModule()` function executes - Base64 Decoding: The malicious code decodes a Base64 string containing an npm install command
- Second-Stage Download: The command installs either `swift-parse-stream` or `quirky-token` silently
- Payload Retrieval: The second-stage package fetches a JSON object from JSONKeeper
- Code Execution: The `model` field is evaluated via
eval(), executing the final credential-theft or remote-access payload
Linux Command to Inspect Package Installation Scripts:
Extract and examine postinstall scripts from any npm package npm pack rollup-packages-polyfill-core && tar -xzf .tgz && cat package/package.json | grep -A5 -B5 "script" Check for suspicious Base64-encoded commands in package files grep -r "Buffer.from.base64" ./node_modules/rollup-packages-polyfill-core/ Audit all installed packages for known malicious hashes npm audit --json | jq '.advisories[] | select(.severity=="high" or .severity=="critical")'
2. Brandjacking: Beyond Traditional Typosquatting
This campaign represents a significant evolution in how attackers manipulate trust in open-source ecosystems. Sonatype’s research reveals that only 9% of brandjacking packages rely on misspellings alone. The Lazarus Group employed a sophisticated combination of techniques:
Suffix Addition: Adding believable capability terms to trusted package names—buffer-utilities, express-denv, webpack-patch, `chai-as-patch`
Embedding: Placing malicious packages within the same naming space as legitimate projects—the Rollup-themed packages sit alongside rollup, polyfill, core, and `node` naming conventions
Version Mimicry: Using version-related naming like `-v2` to create the appearance of an official successor or maintained release
Step-by-Step Guide to Identifying Brandjacking Attempts:
- Examine Package Context: Don’t just check if a name is misspelled—evaluate whether the package belongs in the ecosystem
- Verify Publisher History: Check the npm publisher’s account age, other published packages, and maintainer history
- Compare Package Structure: Compare suspicious packages against their legitimate counterparts—look for discrepancies in entry points, file sizes, and dependencies
- Audit Dependency Trees: Use `npm ls –depth=5` to identify unexpected or unfamiliar packages in your dependency tree
- Monitor Package Downloads: Legitimate packages typically have high download counts; suspicious packages often have low but not-zero downloads
Windows PowerShell Commands for Dependency Auditing:
List all npm packages with their versions and check for suspicious names
npm list --depth=0 --json | ConvertFrom-Json | Select-Object -ExpandProperty dependencies | Get-Member
Search for packages with "polyfill" in the name
npm list --depth=5 | Select-String "polyfill"
Check for recently added packages (last 7 days)
Get-ChildItem .\node_modules -Directory | Where-Object { $_.CreationTime -gt (Get-Date).AddDays(-7) }
3. Environmental Evasion and Payload Deployment
The malware employs sophisticated environmental checks to avoid detection and analysis. The malicious logic is only present in the CommonJS entry point, not the ESM version—suggesting the attackers understand how different build tools and analysis environments handle module formats. This selective backdooring makes automated scanning less effective.
The staging architecture uses a layered approach:
- Layer 1 (Entry): Rollup-themed packages with legitimate-looking code
- Layer 2 (Stager): SVG utility packages that fetch remote payloads
- Layer 3 (Payload): JSONKeeper-hosted code executed via `eval()`
This structure, combined with install-time execution, environment checks, and credential-theft/remote-access payloads, closely resembles previous North Korean Lazarus-linked npm campaigns.
Step-by-Step Guide to Analyzing Suspicious npm Packages:
- Extract Package Contents: `npm pack
&& tar -xzf .tgz`
2. Examine Entry Points: Check both CommonJS (dist/index.js) and ESM (dist/es/index.js) files for discrepancies - Search for Base64 Strings:
grep -E "Buffer.from\(.base64"—this is a common obfuscation technique - Look for Dynamic Requires: Search for `require()` calls with variables or decoded strings
- Check for Child Process Spawning: Look for
child_process.exec,child_process.spawn, or `execSync`
6. Analyze Network Calls: Search forfetch(),axios.get(), or `http.request()` to external domains
Linux Command to Detect Suspicious npm Package Behavior:
Find all packages that use child_process (potential for malicious execution)
grep -r "child_process" ./node_modules/ --include=".js" | cut -d':' -f1 | sort -u
Find all packages that make network requests
grep -r "fetch|axios|http.request|https.request" ./node_modules/ --include=".js" | cut -d':' -f1 | sort -u
Check for eval() usage (often used for remote code execution)
grep -r "eval(" ./node_modules/ --include=".js" | cut -d':' -f1 | sort -u
4. Detection and Indicators of Compromise
The JFrog research team identified six malicious npm packages in this campaign:
– `rollup-packages-polyfill-core`
– `rollup-runtime-polyfill-core`
– `swift-parse-stream`
– `quirky-token`
– `react-icon-svgs`
– `rollup-plugin-polyfill-connect`
At the time of writing, `rollup-plugin-polyfill-connect` and `react-icon-svgs` had received security-holding versions on npm, while the other four remained live.
Key Indicators of Compromise:
- Unexpected npm packages with “polyfill” or “rollup” in the name that aren’t the legitimate `rollup-plugin-polyfill-1ode`
– Packages that execute installation scripts without user interaction - Outbound network connections to JSONKeeper or similar JSON hosting services
- Base64-encoded strings in package JavaScript files
- Discrepancies between CommonJS and ESM entry points
Step-by-Step Guide to Investigating a Potentially Compromised System:
1. Check npm Package List:
npm list --depth=0 | grep -E "rollup-packages-polyfill-core|rollup-runtime-polyfill-core|swift-parse-stream|quirky-token|react-icon-svgs|rollup-plugin-polyfill-connect"
2. Examine npm Install Logs:
Check npm logs for suspicious installations cat ~/.npm/_logs/-debug.log | grep -E "rollup-packages-polyfill-core|rollup-runtime-polyfill-core"
3. Check for Unexpected Processes:
Linux - look for unexpected Node.js processes
ps aux | grep node | grep -v "node_modules"
Windows PowerShell
Get-Process | Where-Object { $_.ProcessName -eq "node" } | Select-Object Id, ProcessName, StartTime
4. Review Outbound Network Connections:
Linux - check for connections to suspicious domains netstat -tunap | grep ESTABLISHED | grep -E "jsonkeeper|sfrclak" Windows netstat -ano | findstr ESTABLISHED
5. Check for Persistence Mechanisms:
Linux - check cron jobs and systemd timers crontab -l && systemctl list-timers Windows - check scheduled tasks schtasks /query /fo LIST /v
5. Remediation and Prevention Strategies
Organizations that have installed any of the affected packages should treat impacted systems as potentially compromised. Removal alone may not be sufficient if the second-stage payload has already executed.
Immediate Remediation Steps:
1. Remove Malicious Packages:
npm uninstall rollup-packages-polyfill-core rollup-runtime-polyfill-core swift-parse-stream quirky-token react-icon-svgs rollup-plugin-polyfill-connect
2. Clear npm Cache:
npm cache clean --force
- Rotate Credentials: Any credentials that may have been exposed during the infection should be immediately rotated
-
Scan for Persistence: Check for scheduled tasks, cron jobs, startup items, and system services that may have been installed
-
Isolate and Investigate: Treat the system as potentially compromised and conduct a thorough forensic investigation
Proactive Prevention Measures:
-
Implement Package Allowlisting: Use tools like
npm-audit,Snyk, or `Sonatype` to scan dependencies before installation -
Use Integrity Checks: Verify package integrity using
npm‘s built-in integrity checking or `package-lock.json` / `yarn.lock` files -
Audit Package Publishers: Before installing a package, check the publisher’s history and other published packages
-
Enable Two-Factor Authentication: Require 2FA for all npm publish actions to prevent account takeover
-
Implement Runtime Protection: Use runtime application self-protection (RASP) or endpoint detection and response (EDR) to detect malicious behavior
Linux Command to Audit and Lock Dependencies:
Generate a lockfile with integrity hashes
npm install --package-lock-only
Verify integrity of installed packages
npm ci
Audit for vulnerabilities with detailed output
npm audit --audit-level=high --json > audit-report.json
Check for packages with postinstall scripts (potential risk)
find ./node_modules -1ame "package.json" -exec grep -l "postinstall" {} \; | while read pkg; do echo "Package with postinstall: $pkg"; done
6. The Lazarus Group’s Evolving Attack Surface
The Rollup polyfill campaign is just one front in a broader assault on the software supply chain. The Lazarus Group has demonstrated remarkable adaptability, exploiting multiple vectors simultaneously:
Git Hooks and CI/CD Exploitation: The group has exploited Git hooks (pre-commit, post-checkout) and Jenkins CI/CD environments to use development workflows themselves as infection vectors, delivering malware like InvisibleFerret, BeaverTail, and FCCCall.
Cross-Ecosystem Attacks: The group has planted malicious packages across npm, PyPI, and Crates.io in campaigns like “TrapDoor”. They’ve also targeted the Axios ecosystem by hijacking maintainer accounts and publishing malicious versions.
Blockchain as Dead Drop: Famous Chollima (a Lazarus subgroup) has contaminated npm and Packagist development branches and delivered payloads via Cloudflare Workers and blockchain RPC, evading detection by tampering only with development branches of legitimate packages. Some campaigns have even used blockchain technology (EtherHiding) as censorship-proof storage for malware.
AI-Assisted Development: The group has utilized generative AI tools such as Ideogram AI, ChatGPT, and Gemini for both bait content and malware development.
Step-by-Step Guide to Supply Chain Security Hardening:
- Implement Dependency Scanning: Integrate SCA (Software Composition Analysis) tools into your CI/CD pipeline
- Enforce Package Signing: Use npm’s package signing features to verify publisher identity
- Monitor Package Updates: Implement automated alerts for new package versions, especially from lesser-known publishers
- Conduct Regular Audits: Perform quarterly dependency audits and remove unused packages
- Educate Developers: Train developers on supply chain risks and safe dependency management practices
- Implement Network Controls: Restrict outbound network access from build environments to prevent callback to C2 servers
What Undercode Say:
- Brandjacking is the New Typosquatting: Attackers are no longer relying on simple misspellings. They’re creating entire package ecosystems that look legitimate, making detection significantly harder for developers and security teams alike.
-
Install-Time Execution is the Critical Weakness: The npm ecosystem’s design—allowing code execution during installation—remains the single greatest attack vector. Until this fundamental architecture changes, supply chain attacks will continue to succeed.
-
Layered Staging Evades Traditional Detection: The use of multiple staging packages, selective backdooring (CommonJS vs. ESM), and remote payload delivery via JSONKeeper demonstrates a sophisticated understanding of both the npm ecosystem and security analysis techniques.
-
State-Sponsored Sophistication is Increasing: The Lazarus Group’s use of AI-generated content, blockchain-based dead drops, and cross-ecosystem attacks indicates a level of resources and sophistication that outstrips typical cybercriminal operations.
-
Prevention Requires a Multi-Layered Approach: No single control will prevent these attacks. Organizations need a combination of dependency scanning, runtime protection, network controls, and developer education to effectively mitigate supply chain risks.
The Lazarus Group’s Rollup polyfill campaign represents a significant escalation in software supply chain attacks. The combination of sophisticated brandjacking, layered staging, and state-sponsored resources creates a threat that is difficult to detect and even harder to remediate. Organizations must treat this as a wake-up call: the days of simply reviewing package names for typos are over. Security teams need to implement comprehensive supply chain security programs that include automated scanning, runtime protection, and continuous monitoring of developer environments. The npm ecosystem’s fundamental design—allowing code execution during installation—remains a critical vulnerability that will continue to be exploited until the industry addresses it at the architectural level.
Prediction:
+1 The increased visibility of this attack will accelerate adoption of software supply chain security solutions, including SBOM (Software Bill of Materials) generation and automated dependency scanning
+1 Regulatory pressure will increase, with governments and industry bodies mandating stricter supply chain security requirements for software vendors
-1 The Lazarus Group’s success with this campaign will inspire copycat attacks and lower the barrier to entry for other threat actors
+N The npm ecosystem will implement more aggressive security measures, including mandatory 2FA for maintainers and automated malware scanning for new packages
-P The sophistication of these attacks will continue to outpace the industry’s ability to detect them, leading to more high-profile supply chain compromises in the next 12-18 months
+1 The security community’s response—detailed analysis, IoC sharing, and coordinated takedown efforts—will become more effective and faster with each successive campaign
-1 Small and medium-sized organizations without dedicated security teams will remain disproportionately vulnerable to these attacks
▶️ Related Video (74% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Aleborges Cybersecurity – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅


