Attackers concealed two malicious npm packages, img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy, that cleverly hide command-and-control functionality within seemingly innocuous image files. Disguised as legitimate projects, these packages are designed to execute hidden scripts to control compromised systems remotely.
The identified malicious packages initially appear legitimate, mimicking genuine projects. The first package, “img-aws-s3-object-multipart-copy,” is a deceptive clone of the authentic “aws-s3-object-multipart-copy” library on GitHub. However, on deeper inspection, researchers revealed a crucial alteration in the index.js file, which now executes a new script named loadformat.js — embedded with the malicious payload.
The loadformat.js script ostensibly performs routine image analysis but conceals a sophisticated mechanism to execute hidden code. It reads each byte of an image file, converting bytes between 32 and 126 into characters, which are then appended to a variable. This conversion forms the basis for a covert function defined by the threat actor.

“At first glance, these packages appear entirely legitimate; however, as our system automatically noted, they contained sophisticated command and control functionality hidden in image files that would be executed during package installation,” explained researchers.
The true intent is revealed when a condition, marked by the variable “convertertree,” triggers the execution of code extracted from the image file. If the length of the bytes exceeds 2,000, the payload is executed, signifying the presence of hidden command-and-control instructions.
“If convertertree is set to true, imagebyte is set to analyzepixels. In plain language, if convertertree is set, it will execute whatever is contained in the script we extracted from the image file,” researchers wrote. “We note that convertertree will be set to true if the length of the bytes found in the image is greater than 2,000.”
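One way to check incoming images for this pattern, as an added example that is not code from the report or from either package: it performs the same byte-range extraction the article describes and flags buffers whose printable content would exceed the 2,000-byte trigger (the run-length threshold and the token list are assumptions made for this example).

```javascript
// Added example (not from the report or the packages): apply the extraction
// step the article describes to an image buffer and flag files that would
// trip the >2,000-byte trigger. Thresholds other than 2000 are assumptions.

// Keep bytes 32..126 as characters, exactly as the loader is described to do.
function extractPrintable(buf) {
  let out = '';
  for (const b of buf) {
    if (b >= 32 && b <= 126) out += String.fromCharCode(b);
  }
  return out;
}

// Longest run of consecutive printable bytes: a genuine JPEG yields short runs
// (markers, EXIF strings) while an appended script yields one long run.
function longestPrintableRun(buf) {
  let best = 0;
  let cur = 0;
  for (const b of buf) {
    cur = b >= 32 && b <= 126 ? cur + 1 : 0;
    if (cur > best) best = cur;
  }
  return best;
}

// Score one image. `trigger` mirrors the report's 2,000-byte condition;
// `runThreshold` and the token list are assumed heuristics for this example.
function scanImage(buf, { trigger = 2000, runThreshold = 512 } = {}) {
  const printable = extractPrintable(buf);
  const longestRun = longestPrintableRun(buf);
  const codeLike = /\b(require|function|eval|child_process|setInterval)\b/.test(printable);
  return {
    printableLength: printable.length,
    longestRun,
    wouldTrigger: printable.length > trigger,
    suspicious: printable.length > trigger && (longestRun >= runThreshold || codeLike),
  };
}

// Constructed samples: a fake JPEG/JFIF header plus deterministic binary noise,
// and the same bytes with a 2,500-character script-like blob appended.
function buildSamples() {
  const header = Buffer.from([0xff, 0xd8, 0xff, 0xe0, 0x00, 0x10, 0x4a, 0x46, 0x49, 0x46, 0x00]);
  const noise = Buffer.alloc(4096);
  for (let i = 0; i < noise.length; i++) noise[i] = (i * 7919) % 256;
  const clean = Buffer.concat([header, noise]);
  const blob = 'const c=require("child_process");setInterval(function(){},5000);'.padEnd(2500, '/');
  return { clean, stego: Buffer.concat([clean, Buffer.from(blob)]) };
}
```

In practice the buffer would come from reading each image shipped in a package before install, and any file reported as suspicious would be quarantined for manual review.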

Three image files — logo1.jpg, logo2.jpg, and logo3.jpg — are processed within the loadformat.js script. While two images (Intel and AMD logos) fail to meet the execution criteria, the Microsoft logo (logo2.jpg) successfully triggers the command-and-control functionality. This image initiates contact with a remote server at 85.208.108.29, registering the client and setting up a loop to fetch and execute commands every five seconds.
The executed commands are then sent back to the attacker, establishing a persistent and covert communication channel.
Researchers discovered the malicious npm packages and reported them for removal. However, these packages remained accessible on npm for nearly two days, exposing developers to potential exploitation.
“We have reported these packages for removal, however, the malicious packages remained available on npm for nearly two days. This is worrying as it implies that most systems are unable to detect and promptly report on these packages, leaving developers vulnerable to attack for longer periods of time,” cautioned researchers.
Last year, researchers discovered over 15,000 malicious packages on NPM.