The Return of PhantomRaven: New Waves of npm Supply Chain Attacks

Blog post from testRigor

Author: Rincy John
Word Count: 1,450
Language: English
Summary

PhantomRaven is an npm supply chain attack that targets CI/CD secrets and developer credentials by using Remote Dynamic Dependencies (RDD) to hide malicious payloads outside the npm registry. Although it is not technically complex, PhantomRaven is difficult to detect: its packages declare dependencies that link to external tarballs, so the payload bypasses static analysis and Software Bill of Materials (SBOM) tools. The attack has been executed in multiple waves since Koi Security first discovered it in October 2025, targeting npm tokens and major CI/CD platforms such as GitHub Actions, GitLab CI, Jenkins, and CircleCI. The attackers used fake package names that could be mistaken for AI-generated suggestions, increasing the likelihood of installation. The malware collects sensitive information, such as tokens and developer data, and transmits it using various methods to avoid detection.

The individual behind the attack claimed it was a security research effort, but the lack of transparency and the extent of data collection have raised significant security concerns, especially for QA teams and CI/CD pipelines. The incident highlights the importance of security measures such as verifying package publishers, using npm ci for stable lockfiles, monitoring network traffic, and maintaining SBOM files to mitigate risk in automated testing environments.
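One way to check a project for the external-tarball dependency pattern described in the summary is to audit `package-lock.json` for anything declared or fetched outside the registry. This is an added example, not code from the testRigor post; it assumes the lockfile v2/v3 `packages` layout, treats `registry.npmjs.org` as the only allowed host, and uses constructed package names and a constructed host (`packages.example.test`).

```javascript
// Added example: report lockfile entries that pull code from outside the registry.
const ALLOWED_HOSTS = new Set(["registry.npmjs.org"]); // assumption: adjust for a private mirror
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies", "peerDependencies"];
const URL_SPEC = /^(?:git\+)?(?:https?|ssh|git):\/\//i; // URL-style specifier, not a semver range

function hostOf(url) {
  try {
    return new URL(url.replace(/^git\+/, "")).hostname;
  } catch {
    return null; // unparsable URL: still reported, with host null
  }
}

function auditLockfile(lock, allowedHosts = ALLOWED_HOSTS) {
  const findings = [];
  const check = (pkg, kind, name, url) => {
    if (typeof url !== "string" || !URL_SPEC.test(url)) return;
    const host = hostOf(url);
    if (!allowedHosts.has(host)) findings.push({ pkg, kind, name, url, host });
  };
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    const pkg = path || "(root)";
    // A dependency declared as a URL: the Remote Dynamic Dependency pattern.
    for (const field of DEP_FIELDS) {
      for (const [name, spec] of Object.entries(entry[field] || {})) check(pkg, "spec", name, spec);
    }
    // A tarball actually fetched from a host other than the allowed registry.
    check(pkg, "resolved", path.split("node_modules/").pop(), entry.resolved);
  }
  return findings;
}

// Constructed sample lockfile: a registry package whose dependency is an external tarball.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "left-helper": "^1.0.0" } },
    "node_modules/left-helper": {
      version: "1.0.0",
      resolved: "https://registry.npmjs.org/left-helper/-/left-helper-1.0.0.tgz",
      dependencies: { "ui-extra": "http://packages.example.test/ui-extra.tgz" },
    },
    "node_modules/ui-extra": { version: "1.0.0", resolved: "http://packages.example.test/ui-extra.tgz" },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Run as a CI step before `npm ci`, a non-empty result is a reason to fail the build and review the flagged package.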