@kindo/selfbot npm package delivers XWorm RAT via 5-stage Astral Warfare chain
JFrog identified @kindo/selfbot (XRAY-964727), a video-game-themed Discord selfbot npm package. A 5-stage chain (JS downloader → 250KB obfuscated batch → PowerShell process injection → XOR-decoded shellcode → XWormClient .NET RAT) installed itself against explorer.exe with AMSI/ETW evasion.
- Detected by
- JFrog
- Also known as
- Astral Warfare · Astral Injection
- Ecosystems
- npm
- Packages tracked
- 1
What happened
JFrog flagged @kindo/selfbot (XRAY-964727) on 15 April 2026 — a video-game-themed Discord selfbot npm package distributed alongside a fake indie game branded "Astral Warfare" at astralwarfare.fr. Distribution leans on social engineering through hijacked Discord accounts: contacts of compromised users receive a "Would you test my new game?" pitch directing them to the site.
The execution chain runs five stages:
- JS downloader stub in
@kindo/selfbot. - A ~250KB obfuscated batch script (SHA-256
0b2ce48e4be6a6be85565ce309d2f10cc1b3179a03d25a61f66c6b50fe37b010). - PowerShell process-injection loader (SHA-256
7a8cef4bfa1ca9c24be4886136c30402d4433310283aee22e2da67cbb938b3a9) with AMSI / ETW evasion targetingexplorer.exe. - XOR-decoded shellcode (SHA-256
1255d41081452cd8fa2358860449bbf3b3494b80282e2bb4ba6b6980ceaf9be1). - XWormClient .NET RAT v7.4 (SHA-256
c26f8d09e0486aacba414f04c310c6532541d2cdf3f40d95e3fe224d9b77e0a6), C2185.94.29.43:7004, protocol separator<Xwormmm>.
XWorm 7.4 ships the usual capability set — RCE, DDoS, screenshot, USB propagation, plugin loader, window monitoring — and persists via a scheduled task named applicationbackup_* plus an IntelDriver directory under C:\ProgramData. Developers who installed @kindo/selfbot should treat Discord tokens, npm tokens, SSH keys and any cloud / DB credentials reachable from the workstation as exposed.
Affected packages (1)
- npm
@kindo/selfbot1.0.01.0.11.0.21.0.31.0.4
Impact
- Full RAT capabilities: RCE, DDoS, screenshot, plugin loading
- Persistence via scheduled task
applicationbackup_* - Discord, npm, SSH and cloud credential exposure for developers who installed
What to do
- 1Uninstall
@kindo/selfbot, purge node_modules, setnpm config set ignore-scripts true - 2
schtasks /delete /tn "applicationbackup_*" /fand removeIntelDriverdirs underC:\ProgramData - 3Rotate Discord tokens, npm tokens, cloud and DB credentials
- 4Block astralwarfare.fr and 185.94.29.43 at egress