
NPM Scraping Tool Hit by Malicious Supply Chain Attack


A widely used NPM scraping tool, rand-user-agent, has been compromised in a serious supply chain attack. The breach exposed thousands of developers to a dangerous backdoor.

The tool was originally created by WebScrapingAPI. It generates random user-agent strings for Node.js-based scraping projects. Although deprecated and inactive for over seven months, the package still sees more than 40,000 downloads per week.

Attackers took advantage of this popularity. They published three malicious versions — 2.0.83, 1.0.110, and 2.0.84 — directly to the NPM registry. These updates weren’t linked to the project’s GitHub source code.

Security firm Aikido discovered the malware. The malicious versions installed a backdoor called Python3127 PATH Hijack, which can run shell commands, modify files, and fetch additional malicious code.

Unlike typical malware, this remote access trojan (RAT) relies on a Windows-specific PATH hijack. It disguises its activity by posing as part of legitimate Python tooling, so it blends in and avoids detection.

The attacker used a stolen automation token to publish the rogue packages. This token lacked two-factor authentication. WebScrapingAPI confirmed that their GitHub repo, internal systems, and build pipeline remain secure.

The attacker didn’t change the GitHub code. Instead, they only injected malware into the NPM-distributed versions. They also increased version numbers to make the updates look legitimate.

WebScrapingAPI responded quickly. They revoked the token, secured their systems, and alerted the community. They’ve also urged developers to roll back to the last clean version: 2.0.82.

Anyone using rand-user-agent should downgrade to 2.0.82 immediately. It is also important to check for signs of compromise and to clean any infected machines.
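The rollback advice above is easiest to act on with a lock-file audit. The following Node.js script is an added example, not code from the article or from WebScrapingAPI: it scans a parsed package-lock.json (lockfile versions 1, 2 and 3) for every resolved copy of rand-user-agent, flags the three malicious versions the article names, and reports whether package.json pins the last clean version 2.0.82 exactly. The sample lock file and package.json embedded at the bottom are constructed for illustration; the function names are the example's own.

```javascript
// Added audit example: flag known-bad rand-user-agent versions in npm lock files.
// Version numbers come from the article; the sample inputs below are constructed.

const PACKAGE = "rand-user-agent";
const MALICIOUS_VERSIONS = new Set(["2.0.83", "1.0.110", "2.0.84"]);
const LAST_CLEAN_VERSION = "2.0.82";

// Collect every resolved copy of PACKAGE from a parsed package-lock.json.
// lockfileVersion 2/3 lists "packages" keyed by install path; version 1 (and 2,
// for compatibility) nests "dependencies". Keying by path dedupes the overlap.
function collectVersions(lock) {
  const found = new Map();
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + PACKAGE) && entry.version) {
        found.set(path, entry.version);
      }
    }
  }
  if (lock.dependencies) {
    const walk = (deps, prefix) => {
      for (const [name, entry] of Object.entries(deps)) {
        const path = prefix + "node_modules/" + name;
        if (name === PACKAGE && entry.version) found.set(path, entry.version);
        if (entry.dependencies) walk(entry.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return [...found].map(([path, version]) => ({ path, version }));
}

// Classify one version string against the article's lists.
function classify(version) {
  if (MALICIOUS_VERSIONS.has(version)) return "malicious";
  if (version === LAST_CLEAN_VERSION) return "clean";
  return "unverified"; // neither known-bad nor the recommended rollback target
}

// Audit a lock file plus the package.json spec. A range such as "^2.0.82" would
// resolve to 2.0.84 on a fresh install, so only an exact pin counts as safe.
function audit(lock, pkgJson) {
  const findings = collectVersions(lock).map(f => ({ ...f, status: classify(f.version) }));
  const spec =
    (pkgJson.dependencies || {})[PACKAGE] || (pkgJson.devDependencies || {})[PACKAGE];
  return {
    findings,
    compromised: findings.some(f => f.status === "malicious"),
    pinnedClean: spec === LAST_CLEAN_VERSION,
  };
}

// Constructed sample: a lockfileVersion 3 project that picked up the rogue 2.0.84
// through a caret range, plus a transitive copy nested under another dependency.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "scraper-demo", dependencies: { "rand-user-agent": "^2.0.82" } },
    "node_modules/rand-user-agent": { version: "2.0.84" },
    "node_modules/some-lib/node_modules/rand-user-agent": { version: "2.0.82" },
  },
};
const SAMPLE_PKG = { dependencies: { "rand-user-agent": "^2.0.82" } };

function auditSample() {
  return audit(SAMPLE_LOCK, SAMPLE_PKG);
}

console.log(JSON.stringify(auditSample(), null, 2));
```

In a real project, replace the constructed objects with `JSON.parse(fs.readFileSync("package-lock.json"))` and the parsed package.json; a `compromised: true` result means the machine that ran `npm install` should be treated as infected, not merely downgraded.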

WebScrapingAPI publicly apologized, promising better safeguards. They emphasized their commitment to transparency and securing the open-source ecosystem.

This attack is a strong reminder: even old or deprecated packages can become a threat. Developers should verify update sources and enable two-factor protection on all automation tokens.
