
Aikido Security has uncovered a Remote Access Trojan (RAT) embedded in rand-user-agent, a JavaScript package downloaded ~45,000 times weekly from the npm registry.
“On 5 May, our automated malware analysis pipeline detected a suspicious package… It detected signs of a supply chain attack against this legitimate package,” Aikido Security warns.
The package in question generates randomized user-agent strings and is maintained by WebScrapingAPI. But starting with version 1.0.110, attackers had injected deeply obfuscated malicious code that turned the utility into a full-fledged surveillance tool.
Aikido’s report shows the attackers used a scrollbar trick to conceal the backdoor within dist/index.js, effectively hiding heavily obfuscated JavaScript at the bottom of the file. The code reveals a cleverly constructed malware loader that exfiltrates data and sets up covert socket communication.

Once activated, the malicious script sets up:
- A socket.io-client connection to a C2 server at http://85.239.62[.]36:3306
- A file exfiltration pipeline via HTTP POST to http://85.239.62[.]36:27017/u/f
- Dynamic installation of dependencies (axios, socket.io-client) in a stealth .node_modules directory in the user’s home
Upon connection, the RAT identifies the host with a unique ID, sends OS details, and awaits remote commands.
Supported commands include:
One of the stealthiest features is a Windows-specific PATH hijack. The RAT prepends the following directory to the system’s PATH: %LOCALAPPDATA%\Programs\Python\Python3127.
“By injecting this directory at the start of PATH, any command relying on environment-resolved executables… may be silently hijacked,” the researcher explains.
This means even legitimate-looking Python commands could be routed through malware-controlled executables if the directory contains them.
Interestingly, GitHub shows the last legitimate release of the package as 2.0.82. However, the npm registry contains malicious updates:
- 1.0.110
- 2.0.83
- 2.0.84
Each of these versions contains the malicious payload. This mismatch points to a supply chain compromise, likely involving unauthorized publishing rights on npm.
If you’ve installed rand-user-agent, check for the compromised versions and monitor for communications to the following IOCs:
- C2 Server: http://85.239.62[.]36:3306
- File Upload Endpoint: http://85.239.62[.]36:27017/u/f
Look for unexpected dependencies or stealth .node_modules folders in home directories.