Cybersecurity researchers have recently identified two malicious packages in the npm registry that are designed to tamper with other, legitimately installed packages, highlighting how software supply chain attacks on the open-source ecosystem continue to evolve.
The packages in question are `ethers-provider2` and `ethers-providerz`. The former has been downloaded 73 times since its publication on March 15, 2025, while the latter, likely removed by its author, did not record any downloads.
These packages function as simple downloaders with concealed malicious payloads. Their second stage involves “patching” the legitimate npm package `ethers`, installed locally, by introducing a new file containing the malicious payload. This altered file ultimately serves as a reverse shell.
This development signifies a new escalation in threat actors’ tactics. Uninstalling the rogue packages does not eliminate the malicious functionality, as the changes reside within the popular `ethers` library. Furthermore, if a user removes the `ethers` package while `ethers-provider2` remains on the system, it risks reinfection upon reinstalling the package later.
Analysis of `ethers-provider2` reveals it as a trojanized version of the widely-used `ssh2` npm package, including a malicious payload within `install.js` to retrieve a second-stage malware from a remote server (`5.199.166[.]1:31337/install`), write it to a temporary file, and execute it.
Immediately after execution, the temporary file is deleted to avoid leaving traces. The second-stage payload initiates an infinite loop to check if the npm package `ethers` is installed locally.
If the package is present or gets freshly installed, it replaces a file named `provider-jsonrpc.js` with a counterfeit version that includes additional code to fetch and execute a third-stage payload from the same server. This newly downloaded payload functions as a reverse shell, connecting to the threat actor’s server over SSH.
The third-stage payload acts as an SSH client; the connection it opens turns into a reverse shell once it receives a custom message from the server. Even if `ethers-provider2` is removed from a compromised system, the patched client remains in place and is still used under certain circumstances, giving the attackers a degree of persistence.
It’s important to note that the official `ethers` package on the npm registry is not compromised, as the malicious modifications are made locally post-installation.
The second package, `ethers-providerz`, behaves similarly: it attempts to alter files belonging to a locally installed npm package called `@ethersproject/providers`. The exact npm package targeted by this library is not known, although source code references suggest it could have been `loader.js`.
These findings underscore the novel methods threat actors are employing to serve and persist malware in developer systems. It is crucial for developers to carefully scrutinize packages from open-source repositories before downloading and using them.
Despite the low download numbers, these packages are powerful and malicious. If their mission is successful, they will provide attackers with unauthorized access to compromised systems, potentially leading to data theft, system manipulation, or further propagation of malicious code.