PostCSS lookalike npm typosquats deliver multi-stage Windows RAT (abdrizak / JFrog)
JFrog disclosed three malicious npm packages published by the abdrizak account that masquerade as postcss-selector-parser tooling. An AES-256-GCM-encrypted blob drops a PowerShell stager which fetches a Windows RAT from nvidiadriver[.]net, persists via the registry, and beacons over encrypted HTTP to 95.216.92.207:8080 to steal Chrome credentials and run remote-shell / file-transfer commands.
- Detected by
- JFrog Security Research
- Ecosystems
- npm
- Packages tracked
- 3
What happened
On 2026-06-22 JFrog Security Research disclosed three malicious npm packages published by a single account, abdrizak, that deliver a multi-stage Windows remote access trojan. The packages typosquat postcss-selector-parser (>150M weekly downloads): postcss-minify-selector-parser (615 downloads, versions 1.0.11–1.0.18, 2.0.1, 2.0.2), postcss-minify-selector (256 downloads, versions 0.1.2–0.1.11, 2.0.1, 2.0.2) and aes-decode-runner-pro (145 downloads, versions 1.0.1–1.0.11). Malicious releases were uploaded in three bursts between 2026-05-25 and 2026-06-12; npm yanked all three packages on 2026-06-24 and replaced each with a 0.0.1-security holder.
The packages each declare the genuine postcss-selector-parser as a runtime dependency, so a dependency-tree review looks normal. Entry-point src/index.js performs a side-effect-only require() of a sibling module which loads an AES-256-GCM-encrypted blob from a config file. The decoded JavaScript writes a PowerShell script (settings.ps1) to disk and runs it with -ExecutionPolicy Bypass, which in turn downloads the second stage from a domain posing as nvidiadriver[.]net.
The payload is a Windows RAT capable of remote shell, arbitrary file upload/download, host profiling, Chrome saved-credential theft (including the app-bound encryption bypass introduced in 2024), Chrome-extension data harvesting, and persistence via the Windows registry Run key. It beacons to 95.216.92.207:8080 over encrypted HTTP using RC4/ARC4 with MD5 integrity checks.
- Cumulative ~1,016 downloads across the three packages, so blast radius is small in absolute terms but high impact per victim (developer or CI host).
- Tactical signature (encrypted blob + PowerShell stager + fake
nvidiadriver[.]netC2 + registry persistence) is consistent with a Russia-region operator opportunistically targeting JavaScript developers; JFrog did not attribute the campaign to a named actor. - This is a registry-level typosquat, not a maintainer takeover —
postcss-selector-parser(the legitimate package) is unaffected.
Affected packages (3)
- npm
aes-decode-runner-pro1.0.11.0.21.0.31.0.41.0.51.0.61.0.71.0.81.0.91.0.101.0.11 - npm
postcss-minify-selector0.1.20.1.30.1.40.1.50.1.60.1.70.1.80.1.90.1.100.1.112.0.12.0.2 - npm
postcss-minify-selector-parser1.0.111.0.121.0.131.0.141.0.151.0.161.0.171.0.182.0.12.0.2
Impact
- Multi-stage Windows RAT installed on developer / CI machines that pulled
postcss-minify-selector-parser,postcss-minify-selector, oraes-decode-runner-pro - Chrome credential theft (saved logins + app-bound encryption bypass) and host profiling
- Remote shell, arbitrary file upload/download, and command execution under the developer account
- Registry-based persistence — RAT survives reboot even after npm package removal
- Decoy: malicious packages declare the genuine
postcss-selector-parseras a dependency, so dependency-tree review looks normal
What to do
- 1Remove
postcss-minify-selector-parser,postcss-minify-selector, andaes-decode-runner-profrom everypackage.json/ lockfile and reinstall — npm replaced all three with0.0.1-securityplaceholders on 2026-06-24 - 2On Windows hosts that installed any version, hunt for
settings.ps1written under%APPDATA%/%TEMP%, scheduled tasks andHKCU\Software\Microsoft\Windows\CurrentVersion\Runentries pointing at PowerShell, and outbound traffic tonvidiadriver[.]netor95.216.92.207:8080 - 3Treat Chrome on any affected host as compromised: rotate every saved password, revoke browser-stored OAuth sessions, sign out of all devices for npm / GitHub / cloud-provider consoles
- 4Block egress to
nvidiadriver[.]netand95.216.92.207at the egress proxy / EDR layer; alert onpowershell -ExecutionPolicy Bypassinvocations fromnode/npmparent processes - 5Add the
abdrizaknpm publisher to your registry deny-list; audit lockfiles for any other package declaringpostcss-minify-selector-parseras a transitive dependency
References
- JFrog Security ResearchFrom PostCSS Masquerading to Windows RATresearch.jfrog.com
- The Hacker NewsMalicious npm Packages Pose as PostCSS Tools to Deliver Windows RATthehackernews.com
- Infosecurity MagazineLookalike npm Package Hides a Multi-Stage Windows RATinfosecurity-magazine.com
- GBHackersMalicious npm Package Masquerades as PostCSS Utility to Deliver PowerShell Downloadergbhackers.com