Malicious npm Packages Turn Browsers into DDoS Botnet

In May 2026, a campaign involving 148 malicious npm packages transformed unsuspecting users’ browsers into a distributed denial-of-service (DDoS) botnet, as revealed by recent research from JFrog. These packages masqueraded as student web proxies, exploiting the npm registry to host booby-trapped proxy sites that lured students seeking to bypass school content filters.

The deceptive packages bore names such as ‘charlie-kirk,’ ‘ilovefemboys,’ and ‘miguelphonk,’ each featuring a proxy application branded ‘Lucide’ and presented as tutoring services like ‘Riverbend Tutoring’ or ‘Northstar Tutoring.’ While the proxies appeared functional, allowing access to restricted content, they secretly loaded a remote code loader and a WebSocket flood generator designed to communicate via the Wisp proxy protocol. This setup effectively enlisted any visitor’s browser into the botnet without their knowledge.

Unlike traditional supply chain attacks that target developers during the build process, this campaign bypassed the build pipeline entirely. The malicious code did not execute upon package installation, as the packages lacked lifecycle hooks and native build scripts. Instead, the attack activated when users accessed the proxy sites, turning their browsers into unwitting participants in the DDoS attacks.

Earlier analyses, such as one from SafeDep in May, identified 141 of these packages and categorized the operation as adware and registry abuse. The sites were found to incorporate pop-under ads, third-party monetization scripts, and Google Analytics tracking, all built upon a Scramjet proxy framework aimed at students. However, JFrog’s deeper investigation uncovered more sinister components beneath the adware layer.

One such component, dubbed ‘G2′ by JFrog, functioned as a remote script loader that fetched JavaScript code from a GitHub repository via the jsDelivr CDN. This method lacked security measures like Subresource Integrity checks and referenced the mutable main branch, allowing the repository owner to alter the code executed in users’ browsers at any time. Archived versions of the repository revealed that it served scripts initiating HTTP flood attacks, sending large POST requests to target domains without waiting for responses, thereby overwhelming the targets with traffic.

This incident underscores the evolving nature of supply chain attacks, where threat actors exploit open-source ecosystems not only to compromise developers but also to target end-users directly. The npm registry’s openness, while fostering innovation, also presents opportunities for malicious actors to distribute harmful packages. Developers and users alike must exercise caution, scrutinize package sources, and implement robust security practices to mitigate such risks.