Feed
HighPublished 21 May 20261 package · 2 versions

@common-stack/generate-plugin hijacked — PolinRider-linked RAT in two alpha releases

Summary

Sonatype disclosed on 2026-05-21 that two alpha releases of @common-stack/generate-plugin (9.0.2-alpha.21, 9.0.2-alpha.22, published ~2026-05-20–21) ship an install-time stager that pulls a second-stage RAT. Tradecraft overlaps the DPRK-linked PolinRider / Contagious Interview cluster. Package draws ~1,100 weekly downloads as a Node.js plugin scaffolding helper, so any developer machine that ran it during local install should be treated as compromised.

maintainer-takeovercredential-theftinfostealerobfuscation
Threat actor
PolinRider (DPRK / Contagious Interview cluster)
Detected by
Sonatype
Also known as
PolinRider npm hijack · common-stack generate-plugin compromise
Ecosystems
npm
Packages tracked
1

What happened

On 2026-05-21 Sonatype published an analysis of two compromised alpha releases of @common-stack/generate-plugin, an npm package used as a plugin / scaffolding generator in Node.js developer workflows with roughly 1,100 weekly downloads. The malicious versions 9.0.2-alpha.21 (tarball shasum b2a728333862dcc5402626f88c5cfad32d8ed16b) and 9.0.2-alpha.22 (tarball shasum d2783ec5b5cf22b85f379c04c8ddde079abb6d18) were pushed by the maintainer account common-stack (none@cdmbase.com), with 9.0.2-alpha.22 representing the latest published release on the package as of disclosure.

The attack chain is install-time: embedded code in the package executes during npm install, attempts to retrieve a second-stage payload from attacker-controlled infrastructure, and runs it on the host. Sonatype attributes the compromise to PolinRider, a DPRK-linked actor previously documented in the OpenSourceMalware PolinRider dossier and connected to the broader Lazarus / Contagious Interview / TasksJacker clusters. Attribution rests on overlapping tradecraft — file-targeting heuristics, obfuscation patterns, install-time execution, and second-stage retrieval behaviour — rather than infrastructure reuse, so treat the link as a high-confidence tradecraft signal rather than hard attribution.

Unlike the prior PolinRider tailwind-CSS typosquats (tailwindcss-style-animate, tailwind-mainanimation, tailwind-autoanimation, etc.) and the broader campaign against ~1,950 GitHub repos owned by ~1,050 maintainers tracked through April 2026, this incident is a hijack rather than a typosquat: the legitimate common-stack publisher account pushed the malicious alphas. That is a meaningful escalation. Scaffolding generators are run with elevated developer trust — they execute code by design, often outside the normal CI sandbox, and frequently against fresh project trees — making them an ideal staging point for credential and source-tree exfiltration.

GitHub Advisory Database did not have a published GHSA for the package at ingest time (2026-06-01). The npm registry still serves the two malicious tarballs at the URLs https://registry.npmjs.org/@common-stack/generate-plugin/-/generate-plugin-9.0.2-alpha.21.tgz and …-9.0.2-alpha.22.tgz, so any lockfile or proxy mirror that resolved them during the exposure window will continue to do so until npm formally removes them. CVSS 8.7 (high) per Sonatype scoring.

  • Publisher: common-stack (none@cdmbase.com).
  • Malicious versions present in the registry as of ingest; cleanest known release is 9.0.2-alpha.20 and earlier on the 9.0.2-alpha line.
  • Attribution: PolinRider tradecraft overlap (Sonatype). Related to the Lazarus / Contagious Interview cluster previously covered in npm-2026-02-27-stegabin-contagious-interview.ts and multi-2026-04-07-contagious-interview-5-ecosystems.ts, but treated separately here because Sonatype did not assert direct cluster identity.

Affected packages (1)

  • npm@common-stack/generate-plugin
    9.0.2-alpha.219.0.2-alpha.22

Impact

  • Install-time postinstall script downloads and executes a second-stage RAT payload on developer / build machines
  • Scaffolding/generator packages are typically run with elevated trust during local development — broader access to credentials, source trees, and propagation paths than runtime-only deps
  • Tradecraft overlap with PolinRider (file-targeting heuristics, obfuscation pattern, install-time execution chain) implies follow-on objectives consistent with the Lazarus / Contagious Interview clusters: SSH keys, browser credentials, crypto wallets, environment variables
  • ~1,100 weekly downloads — modest blast radius, but the package sits in dev tooling rather than production deps, so most installs land on engineer workstations
  • No published GHSA at ingest time (2026-06-01); confirmation rests on the Sonatype Repository Firewall detection plus direct registry verification of the two malicious tarball shasums

What to do

  1. 1Treat any host that installed @common-stack/generate-plugin@9.0.2-alpha.21 or 9.0.2-alpha.22 as fully compromised — remove the package and rebuild the workstation from a known-good image
  2. 2Rotate every credential reachable from the affected workstation: SSH keys, GitHub PATs, npm tokens, AWS/GCP/Azure profiles, browser-stored secrets, crypto wallet seed phrases
  3. 3Pin @common-stack/generate-plugin to <= 9.0.2-alpha.20 or the prior stable line until the maintainer publishes a clean release and confirms the publisher account is recovered
  4. 4Audit lockfiles, CI caches, and any internal package mirror for the two malicious version tarballs (shasums b2a728333862dcc5402626f88c5cfad32d8ed16b and d2783ec5b5cf22b85f379c04c8ddde079abb6d18)
  5. 5For organisations running PolinRider hunts already: cross-reference the OpenSourceMalware/PolinRider scanner IoCs and treat any host with both a common-stack install and previous PolinRider indicators as a high-priority forensic target
  6. 6Disable postinstall script execution by default in developer environments (npm config set ignore-scripts true) and run trusted scripts explicitly

References

npm-2026-05-21-common-stack-generate-plugin-polinrider