vpmdhaj npm supply chain attack flow | Image: Microsoft
Urgent Alert for DevOps Engineers
Microsoft security analysts recently identified an active threat targeting modern software development pipelines: a sophisticated npm supply chain attack aimed at compromising cloud infrastructure assets. A single adversary operating under the alias vpmdhaj published 14 malicious packages within a four-hour window on May 28, 2026. These packages typosquat popular cloud management packages to deceive developers. Consequently, development teams must audit their environments immediately to stop active data exfiltration.
Anatomy of the Deceptive Packages
To begin with, the attacker used social engineering to drive accidental downloads. The malicious libraries mimic legitimate database utilities such as OpenSearch and Elasticsearch. Specifically, the lookalike names include opensearch-setup and elastic-opensearch-helper. Furthermore, the threat actor falsified package metadata fields to build immediate developer trust. According to the threat report, “every unscoped package sets its package.json homepage, repository, and bugs fields to the legitimate github.com/opensearch-project/opensearch-js project.” In addition, the releases jumped straight to high version numbers to falsely suggest a mature distribution history.
Dual-Generation Silent Stagers
Every package inside this malicious cluster triggers automated execution paths without requiring direct user invocation. The malware activates immediately when a developer triggers a standard package installation command. Initially, the Gen-1 variants utilized a basic script file to communicate with external command infrastructure. This script harvested basic host context and downloaded a separate compressed binary file.
However, the threat actor modified the delivery model in later versions. The Gen-2 stagers replaced the noisy web check-in with a fileless mechanism to evade traditional network monitoring. Instead of making an outbound call right away, the newer setup script abuses the legitimate Bun runtime distribution. The loader retrieves a legitimate Bun bundle directly from GitHub and uses it to execute a pre-bundled file hidden inside the tarball.
In-Depth Credential Harvesting
Once the stager finishes its preparation, it deploys a dangerous credential harvesting malware component. This second-stage payload is a specialized Bun-compiled binary of approximately 195 KB. Specifically, the program targets cloud infrastructure tokens across multiple developer environments. The payload queries the local Amazon Web Services metadata endpoints to steal container roles. Additionally, it extracts sensitive configuration secrets across 16 distinct AWS regions.
In addition, the malware targets secrets stored inside HashiCorp Vault environments. It searches for authorization keys inside the host environment variables. Furthermore, the binary attempts to steal npm publish tokens to widen the npm supply chain attack. The report explains that “stolen npm publish tokens enable downstream supply-chain pivoting – pushing malicious updates to packages owned by hijacked maintainer identities”.
Recommended Defensive Mitigations
Fortunately, the registry maintainers quickly removed the fraudulent user profiles and libraries. However, organizations must still harden their local workstations against this campaign. Microsoft recommends that security teams disable pre- and post-installation scripts by appending flags to installation commands. Developers can also configure this setting globally to prevent automatic hook execution.
In addition, defenders must rotate exposed cloud keys and GitHub infrastructure tokens. Network administrators should block all outbound connections to the rogue command domain aab.sportsontheweb.net. Finally, teams can audit their cloud trails for unusual identity checks to catch active lateral movement.
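An audit check for the two traits described above, install hooks that run automatically and homepage, repository and bugs fields borrowed from the opensearch-js project. This is an added example, not code from the Microsoft report; the REPO_OWNERS allow-list, the verdict labels and the sample manifests are assumptions constructed for illustration.

```javascript
// Added example: audit parsed package.json manifests for the traits the
// article describes. Not code from the Microsoft report.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];
// Lookalike names quoted in the article.
const REPORTED_NAMES = new Set(["opensearch-setup", "elastic-opensearch-helper"]);
// Assumption: the package names you accept as published from each upstream repo.
const REPO_OWNERS = new Map([
  ["github.com/opensearch-project/opensearch-js", ["@opensearch-project/opensearch"]],
]);

// homepage is a string; repository and bugs may be a string or { url }.
function repoKey(value) {
  const raw = typeof value === "string" ? value : (value && value.url) || "";
  const m = String(raw).toLowerCase()
    .match(/github\.com[\/:]([^\/\s]+)\/([^\/\s#]+?)(?:\.git)?(?:[\/#].*)?$/);
  return m ? `github.com/${m[1]}/${m[2]}` : null;
}

function auditManifest(pkg) {
  const scripts = pkg.scripts || {};
  const hooks = INSTALL_HOOKS.filter((h) => Boolean(scripts[h]));
  // Fields that claim an upstream repo this package name is not allowed to claim.
  const borrowed = ["homepage", "repository", "bugs"].filter((field) => {
    const owners = REPO_OWNERS.get(repoKey(pkg[field]));
    return owners !== undefined && !owners.includes(pkg.name);
  });
  const reported = REPORTED_NAMES.has(pkg.name);
  let verdict = hooks.length || borrowed.length ? "review" : "ok";
  if (reported || (hooks.length && borrowed.length)) verdict = "block";
  return { name: pkg.name, hooks, borrowed, reported, verdict };
}

// Constructed sample manifests (versions and script bodies are made up).
const upstream = "https://github.com/opensearch-project/opensearch-js";
const SAMPLES = [
  { name: "opensearch-setup", version: "9.9.9",
    scripts: { postinstall: "node setup.js" }, homepage: `${upstream}#readme`,
    repository: { type: "git", url: `git+${upstream}.git` },
    bugs: { url: `${upstream}/issues` } },
  { name: "@opensearch-project/opensearch", version: "1.0.0",
    repository: { type: "git", url: `git+${upstream}.git` } },
  { name: "example-native-addon", version: "1.0.0",
    scripts: { install: "node-gyp rebuild" },
    repository: "https://github.com/example/example-native-addon" },
];

for (const r of SAMPLES.map(auditManifest)) {
  console.log(`${r.verdict.padEnd(6)} ${r.name} hooks=[${r.hooks}] borrowed=[${r.borrowed}]`);
}
```

Feed it the parsed package.json of every directory under node_modules. Installing with npm install --ignore-scripts, or setting ignore-scripts=true in .npmrc, keeps the flagged hooks from running in the first place.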