CyberTimes
Tags: npm · strapi · malicious packages
April 5, 2026 · CyberTimes Security Team

36 Malicious npm Packages Disguised as Strapi Plugins Exploit Redis and PostgreSQL to Deploy Persistent Implants and Reverse Shells


Severity: 🔴 CRITICAL
CVSS score: 9.1/10
Exploited: Yes (active)
Fix status: Check required
Who is affected: Developers who installed any npm package starting with strapi-plugin- from unscoped publishers between April 3–4, 2026. Legitimate official Strapi plugins are scoped under @strapi/; any unscoped strapi-plugin-* package from this period should be treated as malicious. Strapi deployments using Redis for caching and PostgreSQL as the database are specifically targeted.

Researchers at SafeDep have uncovered 36 malicious npm packages in the registry disguised as Strapi CMS plugins, each executing an 11-phase automated attack on installation that exploits Redis and PostgreSQL databases, harvests credentials and cryptographic keys, maps internal network topology, steals Docker and Kubernetes secrets, dumps cryptocurrency wallet files, and deploys a persistent backdoor implant. The packages were published by four sock puppet accounts over a 13-hour window and have since been removed from the npm registry. The discovery arrives in the wake of the North Korean Axios npm supply chain attack and continues the sustained assault on the npm ecosystem that has made it the single most heavily targeted open source registry in 2026. In the same disclosure, Aikido researchers also reported malicious VS Code extensions, including three dormant extensions updated in March 2026 after years of inactivity to deploy backdoors, adding another dimension to the ongoing supply chain threat.


Affected products

  • All 36 malicious npm packages starting with strapi-plugin- published by the accounts umarbek1233, kekylf12, tikeqemif26 and umar_bektembiev1, all now removed from the npm registry
  • Strapi CMS deployments on Linux servers using Redis and PostgreSQL
  • Docker and Kubernetes environments running Strapi in containers
  • Additionally, VS Code extensions: solidity-macos, solidity-windows and solidity-linux by IoliteLabs (27,500 installs, updated March 25, 2026 to deploy a backdoor), and multiple versions of KhangNghiem/fast-draft on Open VSX

How to Fix

Step-by-step remediation

The first action is confirming whether your project installed any of the malicious packages; everything after that follows from the answer.

  • Confirm exposure. Run npm ls --all 2>/dev/null | grep strapi-plugin- in each project (the --all flag includes transitive dependencies) and check whether any result is unscoped, meaning it appears as strapi-plugin-something rather than @strapi/plugin-something. Note that package-lock.json does not record the publishing account, so you cannot search it for the four sock puppet names; search it instead for unscoped strapi-plugin- package names (lockfile v2/v3 keys of the form node_modules/strapi-plugin-..., or resolved URLs under https://registry.npmjs.org/strapi-plugin-...). Entries carrying "hasInstallScript": true are the ones whose postinstall hook ran. Check the lockfile's git history too, since a package that was installed and later removed still executed.
  • Assume the script already ran. If you find a malicious package, do not just uninstall it: the postinstall script executed on the first npm install and the damage is done. Because a persistent implant was deployed, prefer rebuilding the host or container from a known-good image over cleaning it in place.
  • Rotate every credential accessible from that environment: .env file contents, database passwords, SSH private keys, AWS credentials, GitHub tokens, Stripe API keys, Docker and Kubernetes secrets mounted into the container, and any other secrets. Revoke the old values rather than only issuing new ones.
  • Audit Redis for the INFO, DBSIZE and KEYS command patterns. Redis does not log individual commands by default, so check SLOWLOG GET (a KEYS scan over a large keyspace usually lands there), any MONITOR or proxy captures you keep, and the client list for unexpected connections around the time of the install.
  • Audit PostgreSQL access logs for queries matching the cryptocurrency column patterns the malware specifically targets. This only works if statement logging (log_statement or log_min_duration_statement) was enabled at the time; otherwise pg_stat_statements is the fallback.
  • Hunt for the persistent implant: unexpected background processes, cron entries, systemd units, and outbound connections from your Strapi server.
  • For VS Code, check your extension list for the IoliteLabs solidity extensions and remove them. Check your Open VSX extensions for the affected fast-draft versions.


What happened

The 36 malicious packages demonstrate a high degree of familiarity with the Strapi CMS ecosystem and its developer community. Every package followed the same construction: three files (package.json, index.js, postinstall.js), no description, no repository link, no homepage, and a version number of 3.6.8 chosen to impersonate a mature Strapi v3 community plugin. All packages followed the strapi-plugin- naming convention with words such as "cron", "database" and "server" appended, terms that appear throughout the legitimate Strapi plugin ecosystem. The critical distinction developers must know is that official Strapi plugins are scoped under @strapi/; any unscoped strapi-plugin-* package is not from the official Strapi organisation. The packages were published by four sock puppet accounts (umarbek1233, kekylf12, tikeqemif26 and umar_bektembiev1) over 13 hours on April 3, 2026. The choice of Strapi as the impersonation target is deliberate: Strapi deployments routinely use Redis for caching and session storage and PostgreSQL for persistent data, so a successful compromise hands the attacker two high-value data stores in addition to the application server itself.

Real-World Impact

The implications of this campaign extend well beyond the individual developer who runs npm install. A successful compromise of a Strapi production server gives the attacker the application's entire data ecosystem: the Redis cache holding session tokens and API responses, the PostgreSQL database holding user records and application data, and the container environment holding cloud provider credentials and orchestration secrets. The Guardarian database targeting is particularly notable. Guardarian is a cryptocurrency exchange platform, and the hard-coded connection attempts against six Guardarian-specific database names suggest the attacker has prior knowledge of internal Guardarian infrastructure, implying either an earlier breach of Guardarian or an insider component. The combination of the Axios npm supply chain attack, the GlassWorm ForceMemo campaign, the React2Shell exploitation wave, and now these 36 Strapi packages is what Mandiant CTO Charles Carmakal warned about: a cascading series of supply chain compromises whose stolen secrets will fuel further attacks over the coming months. The security community is facing a coordinated, sustained offensive against the JavaScript ecosystem's trust infrastructure.


🛡️ Prevention Tips

The 36-package campaign exploits the same fundamental trust gap that every supply chain attack targets: developers install packages without verifying publisher identity. Prevention is straightforward in principle but requires discipline in practice. For Strapi specifically: every legitimate official Strapi plugin is scoped under @strapi/. If a strapi-plugin-* package is not scoped, it is not from Strapi. Full stop. For npm generally, check the publisher account before installing any package, particularly one with no repository link, no homepage, no description, and a suspiciously clean version number. Set ignore-scripts=true in .npmrc (or run npm install --ignore-scripts) so that install hooks cannot run at all; packages that genuinely need a build step then have to be rebuilt deliberately rather than automatically. That single setting would have neutralised the install-time payload in this campaign, although it does nothing against a malicious package that is later imported at runtime. Consider a minimum package age policy as well: several security tools now offer a 24-hour cooldown before allowing installation of newly published packages, which would have blocked all 36 of these packages since they were published and removed within the same day. For VS Code extensions, the dormant-then-weaponised pattern of the IoliteLabs extensions shows that extension age and install count are no longer reliable trust signals. Audit your installed extensions regularly and prefer extensions from the official VS Code Marketplace over Open VSX where possible.


FAQs

How do I tell the difference between a legitimate Strapi plugin and a malicious one?

All official Strapi plugins are published under the @strapi/ scope — they appear as @strapi/plugin-name in your package.json. Any package that appears as strapi-plugin-name without the @strapi/ scope prefix is not from the official Strapi organisation and should be treated with extreme caution. Always verify the publisher account and check for a linked GitHub repository before installing any Strapi plugin.


The packages have been removed from npm — does that mean I am safe?

Only if you never installed them. Removal from the npm registry does not undo postinstall scripts that already executed on your server. If you ran npm install between April 3 and April 4, 2026 and any of the 36 packages were in your dependency tree, the 11-phase attack script already ran. Check your lockfile history (for example, git log -p on package-lock.json) and rotate credentials if there is any doubt.


What is the Guardarian connection and why does it matter?

Guardarian is a cryptocurrency exchange. The malware hard-codes connection attempts to six specific Guardarian database names — strongly suggesting the attacker already has knowledge of Guardarian's internal infrastructure from a prior compromise or insider access. If you are connected to Guardarian in any way, this is a significant red flag worth investigating further.


My VS Code has the IoliteLabs solidity extension installed — what should I do?

Uninstall it immediately via the VS Code Extensions panel. The extension was updated on March 25, 2026 to deploy a multi-stage backdoor. If you launched VS Code after that date with the extension installed, assume your development environment may be compromised and rotate credentials accessible from that machine. Also check for unexpected processes or outbound connections.

