Someone is actively publishing fake Strapi plugins to npm right now, and if you've installed any community Strapi packages in the last day, you need to check your systems immediately.
The attack is sophisticated and targeted, and it executes within seconds of installation. No user interaction required. Just run npm install and you're compromised.
How the attack works
The attacker published malicious packages disguised as legitimate Strapi CMS plugins. The packages have names like strapi-plugin-events that look like genuine community plugins. They even use version numbers like 3.6.8 to blend in with real packages.
The moment you run npm install, a postinstall script executes automatically. No need to import the package or call any functions. Installation itself triggers the attack.
What happens next is an 11-phase assault. The attack systematically harvests everything: all .env files, JWT secrets, database credentials, Redis keys, Docker and Kubernetes secrets, SSH private keys, and cryptocurrency wallet files.
But here's what makes this particularly nasty: the malware opens a 5-minute live command-and-control session for arbitrary shell execution. During that window, the attacker can run any commands they want on your server.
Persistence mechanisms
The attack doesn't just steal and disconnect. It installs backdoors. It writes agents with crontab persistence, creates webshells when it detects production hostnames, establishes reverse shells on ports 4444 and 8888, and uses Redis CONFIG SET to write crontab entries and SSH keys.
Even after you remove the malicious package, the backdoors remain.
Why this attack is particularly dangerous
Legitimate Strapi plugins are always scoped under the @strapi/ namespace. Anything unscoped claiming to be a Strapi plugin is automatically suspicious.
But developers installing community plugins often don't check the scope carefully. They see "strapi-plugin-something" and assume it's legitimate. The attacker is exploiting that trust.
The npm account publishing these packages is still active. npm's malware detection didn't catch it. The community discovered it.