It looked like just another UI library. “ansi-universal-ui” promised to be a “lightweight, modular UI component system for modern web applications.” But behind the professional description and version history lay a sophisticated infostealer that security researchers at Aikido have dubbed “G_Wagon”.
Discovered on January 23, 2026, this malicious package is not a simple script; it is a multi-stage attack platform designed to drain developer environments of their most valuable secrets.
The attack began with a deceptive npm package. To the casual observer, ansi-universal-ui appeared legitimate. However, once installed, it executed a “heavily obfuscated payload” that downloaded its own Python runtime to bypass local environment restrictions.
The malware’s appetite for data is voracious. According to the report, it “exfiltrates your browser credentials, cryptocurrency wallets, cloud credentials, and Discord tokens to an Appwrite storage bucket”.
The report outlines a timeline of 10 versions published over just two days, revealing a trial-and-error approach to weaponization.
- Day 1: The attacker tested the plumbing. Version 1.0.0 was an “Initial scaffold using npm’s tar module,” followed quickly by fixes to dependencies and redirects.
- Day 2: The gloves came off. Version 1.3.5 added the Command and Control (C2) URL. By version 1.3.8, the malware included a “Full Python payload with browser injection.”
“This one’s interesting because we can see the entire development process,” the researchers noted. “The attacker published 10 versions over two days, and each version tells part of the story”.
The technical sophistication of “G_Wagon” sets it apart from typical script-kiddie malware. Embedded within the Python code was a “large base64-encoded blob” which turned out to be an XOR-encrypted Windows DLL.
The malware didn’t just run; it burrowed. It injected this DLL into browser processes using low-level Windows Native API (ntdll) functions such as NtAllocateVirtualMemory and NtCreateThreadEx. “The malware includes a full PE parser that walks the export table looking for a function called ‘Initialize’ – that’s the entry point it calls after injection”.
The malware creators clearly anticipated high-value targets. For large files, the malware “chunks the data into 5MB pieces,” ensuring that even massive caches of stolen data could be exfiltrated reliably. “The authors clearly planned for victims with lots of valuable data”.
Developers who may have installed ansi-universal-ui are urged to take scorched-earth measures immediately:
- Delete node_modules and remove the package.
- Check for a .gwagon_status file in the home directory—a smoking gun of infection.
- Rotate all credentials, specifically focusing on browser-saved passwords, cloud keys (AWS/Azure/GCP), and SSH keys.
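As an added example (not code from the Aikido report or the article), the following Python script checks a project and a home directory for the two indicators the article names: the ansi-universal-ui package in the dependency tree and the .gwagon_status marker file. It assumes the standard npm package-lock.json layouts (v1 nested "dependencies", v2/v3 flat "packages").

```python
"""Triage helper for the two indicators the article names: the package
ansi-universal-ui in a project's dependency tree and the .gwagon_status
marker file in the home directory. Added example, not Aikido's code."""
import json
import sys
from pathlib import Path

PACKAGE = "ansi-universal-ui"
MARKER = ".gwagon_status"


def lockfile_mentions_package(lock_path: Path) -> bool:
    """True if package-lock.json lists the package at any depth, in either
    the v1 nested 'dependencies' layout or the v2/v3 flat 'packages' map."""
    if not lock_path.is_file():
        return False
    data = json.loads(lock_path.read_text())
    # v2/v3 keys: "node_modules/foo" or "node_modules/a/node_modules/foo"
    for key in data.get("packages", {}):
        if key.split("node_modules/")[-1] == PACKAGE:
            return True

    def walk(deps: dict) -> bool:  # v1: recurse into nested dependency maps
        return any(name == PACKAGE or walk(meta.get("dependencies", {}))
                   for name, meta in deps.items())
    return walk(data.get("dependencies", {}))


def find_installed_copies(project: Path) -> list:
    """Every node_modules/.../ansi-universal-ui directory, transitive installs
    included; the lockfile alone misses a copy left behind by a manual install."""
    return sorted(str(p) for p in project.rglob(PACKAGE)
                  if p.is_dir() and p.parent.name == "node_modules")


def triage(project: Path, home: Path) -> dict:
    """Any True or non-empty field means: remove node_modules, then rotate
    browser-saved passwords, cloud keys and SSH keys as the article advises."""
    return {
        "marker_file": (home / MARKER).exists(),
        "in_lockfile": lockfile_mentions_package(project / "package-lock.json"),
        "installed_copies": find_installed_copies(project),
    }


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(".")
    print(json.dumps(triage(target, Path.home()), indent=2))
```

Run it as `python triage.py /path/to/project`; a hit in any field is a signal to treat the machine as compromised rather than just to uninstall the package.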