Feed
HighPublished 22 Jun 20263 packages · 33 versions

PostCSS lookalike npm typosquats deliver multi-stage Windows RAT (abdrizak / JFrog)

Summary

JFrog disclosed three malicious npm packages published by the abdrizak account that masquerade as postcss-selector-parser tooling. An AES-256-GCM-encrypted blob drops a PowerShell stager which fetches a Windows RAT from nvidiadriver[.]net, persists via the registry, and beacons over encrypted HTTP to 95.216.92.207:8080 to steal Chrome credentials and run remote-shell / file-transfer commands.

typosquatinfostealercredential-theftobfuscation
Detected by
JFrog Security Research
Ecosystems
npm
Packages tracked
3

What happened

On 2026-06-22 JFrog Security Research disclosed three malicious npm packages published by a single account, abdrizak, that deliver a multi-stage Windows remote access trojan. The packages typosquat postcss-selector-parser (>150M weekly downloads): postcss-minify-selector-parser (615 downloads, versions 1.0.11–1.0.18, 2.0.1, 2.0.2), postcss-minify-selector (256 downloads, versions 0.1.2–0.1.11, 2.0.1, 2.0.2) and aes-decode-runner-pro (145 downloads, versions 1.0.1–1.0.11). Malicious releases were uploaded in three bursts between 2026-05-25 and 2026-06-12; npm yanked all three packages on 2026-06-24 and replaced each with a 0.0.1-security holder.

The packages each declare the genuine postcss-selector-parser as a runtime dependency, so a dependency-tree review looks normal. Entry-point src/index.js performs a side-effect-only require() of a sibling module which loads an AES-256-GCM-encrypted blob from a config file. The decoded JavaScript writes a PowerShell script (settings.ps1) to disk and runs it with -ExecutionPolicy Bypass, which in turn downloads the second stage from a domain posing as nvidiadriver[.]net.

The payload is a Windows RAT capable of remote shell, arbitrary file upload/download, host profiling, Chrome saved-credential theft (including the app-bound encryption bypass introduced in 2024), Chrome-extension data harvesting, and persistence via the Windows registry Run key. It beacons to 95.216.92.207:8080 over encrypted HTTP using RC4/ARC4 with MD5 integrity checks.

  • Cumulative ~1,016 downloads across the three packages, so blast radius is small in absolute terms but high impact per victim (developer or CI host).
  • Tactical signature (encrypted blob + PowerShell stager + fake nvidiadriver[.]net C2 + registry persistence) is consistent with a Russia-region operator opportunistically targeting JavaScript developers; JFrog did not attribute the campaign to a named actor.
  • This is a registry-level typosquat, not a maintainer takeover — postcss-selector-parser (the legitimate package) is unaffected.

Affected packages (3)

  • npmaes-decode-runner-pro
    1.0.11.0.21.0.31.0.41.0.51.0.61.0.71.0.81.0.91.0.101.0.11
  • npmpostcss-minify-selector
    0.1.20.1.30.1.40.1.50.1.60.1.70.1.80.1.90.1.100.1.112.0.12.0.2
  • npmpostcss-minify-selector-parser
    1.0.111.0.121.0.131.0.141.0.151.0.161.0.171.0.182.0.12.0.2

Impact

  • Multi-stage Windows RAT installed on developer / CI machines that pulled postcss-minify-selector-parser, postcss-minify-selector, or aes-decode-runner-pro
  • Chrome credential theft (saved logins + app-bound encryption bypass) and host profiling
  • Remote shell, arbitrary file upload/download, and command execution under the developer account
  • Registry-based persistence — RAT survives reboot even after npm package removal
  • Decoy: malicious packages declare the genuine postcss-selector-parser as a dependency, so dependency-tree review looks normal

What to do

  1. 1Remove postcss-minify-selector-parser, postcss-minify-selector, and aes-decode-runner-pro from every package.json / lockfile and reinstall — npm replaced all three with 0.0.1-security placeholders on 2026-06-24
  2. 2On Windows hosts that installed any version, hunt for settings.ps1 written under %APPDATA% / %TEMP%, scheduled tasks and HKCU\Software\Microsoft\Windows\CurrentVersion\Run entries pointing at PowerShell, and outbound traffic to nvidiadriver[.]net or 95.216.92.207:8080
  3. 3Treat Chrome on any affected host as compromised: rotate every saved password, revoke browser-stored OAuth sessions, sign out of all devices for npm / GitHub / cloud-provider consoles
  4. 4Block egress to nvidiadriver[.]net and 95.216.92.207 at the egress proxy / EDR layer; alert on powershell -ExecutionPolicy Bypass invocations from node / npm parent processes
  5. 5Add the abdrizak npm publisher to your registry deny-list; audit lockfiles for any other package declaring postcss-minify-selector-parser as a transitive dependency

References

npm-2026-06-22-postcss-rat-typosquat-jfrog