rand-user-agent Supply Chain Hack Targets Developers


A new supply chain attack targeting the rand-user-agent NPM package has compromised developer systems by deploying a remote access trojan (RAT) through malicious updates. The incident highlights the growing risks within the open-source ecosystem, where abandoned or infrequently maintained packages become easy targets for exploitation.

The malicious versions—2.0.83, 1.0.110, and 2.0.84—were published by a threat actor who gained unauthorized access to the NPM account linked to the project. This attack method bypassed GitHub and injected harmful code directly into the NPM registry, a classic maneuver in supply chain threats.

What Is rand-user-agent?

The rand-user-agent package, originally created by Romanian software company WebScrapingAPI, is a Node.js tool designed to generate randomized user-agent strings for web scraping applications. Although the project has been inactive for over seven months, it still sees over 40,000 weekly downloads, making it an attractive target for attackers seeking wide-scale access.

While the latest clean version (2.0.82) remains unchanged in the official GitHub repository, malicious updates were silently pushed to the NPM registry, catching many users off guard.

How the Attack Happened

According to Aikido Security, which first discovered the issue, the threat actor exploited an outdated NPM automation token that lacked two-factor authentication (2FA). This token gave them access to the project’s NPM publishing rights—despite no breach of the source-code repository, build systems, or corporate infrastructure.

The attacker then:

  • Uploaded three unauthorized versions of the package (2.0.83, 1.0.110, 2.0.84)
  • Injected a Windows-specific backdoor (named Python3127 PATH Hijack)
  • Established remote command-and-control (C&C) communications
  • Avoided deprecation notices to make the updates look legitimate

The backdoor allows the attacker to manipulate file paths, execute shell commands, and download additional payloads—posing significant risks for any development environments that pulled these versions into their applications.

WebScrapingAPI confirmed the attack and emphasized that the malicious code was never part of the GitHub repo, making this an NPM registry-only compromise. It urged all users to immediately revert to version 2.0.82 and inspect their systems for signs of compromise. “We apologize to every developer and organization impacted by this incident,” the company stated. “We are committed to full transparency as we close every gap that allowed this attack to occur.”

Developers who installed the affected versions should:

  • Roll back to version 2.0.82
  • Audit their environments for malicious binaries or unknown processes
  • Revoke any potentially exposed tokens or credentials
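A defender-side check for the first two remediation steps above, added here as an example and not part of the original article or of WebScrapingAPI's code: it walks an npm package-lock.json (v1 nested tree or v2/v3 package map) and flags every installed copy of rand-user-agent whose version is one of the three the article names. The embedded lockfile is a constructed sample; the version list comes from the article.

```javascript
// Added example (not from the article): flag the compromised rand-user-agent
// versions in an npm lockfile so a rollback to 2.0.82 can be verified.
const MALICIOUS_VERSIONS = new Set(['2.0.83', '1.0.110', '2.0.84']); // versions named in the article
const PACKAGE = 'rand-user-agent';
const SAFE_VERSION = '2.0.82'; // last clean release per the article

// Collect every installed copy: lockfile v2/v3 use a flat "packages" map keyed by
// path; lockfile v1 uses a nested "dependencies" tree (transitive copies nest inside).
function findInstalledVersions(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith(`node_modules/${PACKAGE}`) && meta.version) {
        found.push({ path, version: meta.version });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === PACKAGE && meta.version) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`); // v1 nests transitive dependencies
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Classify each copy: known-bad, the clean pinned version, or something else to review.
function auditLockfile(lock) {
  return findInstalledVersions(lock).map(({ path, version }) => ({
    path,
    version,
    status: MALICIOUS_VERSIONS.has(version) ? 'MALICIOUS'
      : version === SAFE_VERSION ? 'ok' : 'review',
  }));
}

// Constructed sample lockfile (v3 shape): a direct install of a bad version and a
// transitive copy of the clean version pulled in by a hypothetical "scraper-lib".
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app' },
    'node_modules/rand-user-agent': { version: '2.0.84' },
    'node_modules/scraper-lib': { version: '1.2.0' },
    'node_modules/scraper-lib/node_modules/rand-user-agent': { version: '2.0.82' },
  },
};

for (const f of auditLockfile(SAMPLE_LOCK)) {
  console.log(`${f.status.padEnd(9)} ${f.version.padEnd(8)} ${f.path}`);
}
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of that project's package-lock.json; any MALICIOUS line means the affected package was installed and the audit and credential-rotation steps above apply.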

A Growing Trend in Supply Chain Threats

The rand-user-agent NPM supply chain attack is part of a larger trend in which cybercriminals exploit gaps in open-source security practices. By targeting lightly maintained or deprecated packages with high download counts, attackers can silently push malware into thousands of production systems.

This incident echoes similar cases like event-stream, coa, and UAParser.js, where malicious actors either gained access to developer accounts or compromised inactive projects to spread malware under the guise of version updates.

This attack reinforces the need for stronger account security, particularly for developers managing popular NPM packages. Two-factor authentication, automated version monitoring, and manual code reviews are essential to protecting the open-source ecosystem.

WebScrapingAPI says it is working with NPM and security researchers to trace the full scope of the compromise and prevent future incidents.
