Date: 04/14/2026
Severity: Medium
Summary
A threat campaign has published over 200 malicious packages to NPM under names such as “huggingface-cli,” “webflow,” and “codeium.” The packages pose as a new AI coding agent called “Stardrop,” which gives the campaign its name. Since the campaign was first detected on April 9, an average of more than 40 new packages has appeared daily. Although NPM has been removing them rapidly, no OSV or GHSA advisories have been issued yet, and despite the takedowns the packages remain accessible through global CDNs and NPM mirrors, including in China and Europe.
Indicators of Compromise (IOC) List
Domains/URLs:
  opncd.ai
  stardrop.dev
  p9ia72yajp.us-east-1.awsapprunner.com
SHA256 hashes:
  d780fe3b635ff099682677f3c93e42d789e572926fd0db076c27e775bb109b06
  18e8742fb6fb5e70c0c91823d72f5d9074be1d1cba1cbfc0eca75b5427e544da
  646f3904ff03e64229f938ac23fa8bb79ed1658ee5aa0bee4aa8909f38f763cd
  f2248973be75ce70b96424edb405d5a9af3c1fbca378566bfff3c0a0994d6f48
MD5 hashes:
  d70e7e37dfa4cf501cbd0ef6a236c84b
  43f446a86f1fbee74a486185c6dc1d51
  823f13d45fe0dd05d2f1ac4344d8ae75
  29b31bb2a2c4fbe0c3cec2022562927c
Gurucul Threat Detection and Incident Response (TDIR) Queries for Detection
Detection Query 1 (IOC domains in DNS, proxy and web telemetry):
domainname like "opncd.ai" or url like "opncd.ai" or siteurl like "opncd.ai" or domainname like "stardrop.dev" or url like "stardrop.dev" or siteurl like "stardrop.dev" or domainname like "p9ia72yajp.us-east-1.awsapprunner.com" or url like "p9ia72yajp.us-east-1.awsapprunner.com" or siteurl like "p9ia72yajp.us-east-1.awsapprunner.com"
Detection Query 2 (SHA256 file hashes):
sha256hash IN ("d780fe3b635ff099682677f3c93e42d789e572926fd0db076c27e775bb109b06","18e8742fb6fb5e70c0c91823d72f5d9074be1d1cba1cbfc0eca75b5427e544da","646f3904ff03e64229f938ac23fa8bb79ed1658ee5aa0bee4aa8909f38f763cd","f2248973be75ce70b96424edb405d5a9af3c1fbca378566bfff3c0a0994d6f48")
Detection Query 3 (MD5 file hashes):
md5hash IN ("d70e7e37dfa4cf501cbd0ef6a236c84b","43f446a86f1fbee74a486185c6dc1d51","823f13d45fe0dd05d2f1ac4344d8ae75","29b31bb2a2c4fbe0c3cec2022562927c")
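For teams without the TDIR platform, the same three checks can be run locally. The script below is an added example, not Gurucul's code, and it assumes the advisory hashes are of files the packages drop on disk (so a node_modules tree is the thing to hash) and that proxy or DNS logs contain URLs or hostnames; the log lines it scans are constructed samples.

```python
import hashlib, os, re, tempfile
# IOC values from the advisory above.
IOC_DOMAINS = {"opncd.ai", "stardrop.dev", "p9ia72yajp.us-east-1.awsapprunner.com"}
IOC_SHA256 = {"d780fe3b635ff099682677f3c93e42d789e572926fd0db076c27e775bb109b06",
              "18e8742fb6fb5e70c0c91823d72f5d9074be1d1cba1cbfc0eca75b5427e544da",
              "646f3904ff03e64229f938ac23fa8bb79ed1658ee5aa0bee4aa8909f38f763cd",
              "f2248973be75ce70b96424edb405d5a9af3c1fbca378566bfff3c0a0994d6f48"}
IOC_MD5 = {"d70e7e37dfa4cf501cbd0ef6a236c84b", "43f446a86f1fbee74a486185c6dc1d51",
           "823f13d45fe0dd05d2f1ac4344d8ae75", "29b31bb2a2c4fbe0c3cec2022562927c"}

def digests(data):
    """SHA256 and MD5 hex digests of a byte string."""
    return hashlib.sha256(data).hexdigest(), hashlib.md5(data).hexdigest()

def scan_tree(root, sha256_set=IOC_SHA256, md5_set=IOC_MD5):
    """Walk a tree such as node_modules; return (path, algo, digest) for IOC hash matches."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as f:
                sha, md5 = digests(f.read())
            if sha in sha256_set:
                hits.append((path, "sha256", sha))
            elif md5 in md5_set:
                hits.append((path, "md5", md5))
    return hits

def scan_log_lines(lines, domains=IOC_DOMAINS):
    """Return (line_no, host, ioc) for hosts equal to, or subdomains of, an IOC domain;
    a host that merely contains the string (stardrop.dev.example) is not flagged."""
    hits = []
    for n, line in enumerate(lines, 1):
        for host in re.findall(r"[a-z0-9.-]+\.[a-z]{2,}", line.lower()):
            hits += [(n, host, d) for d in domains if host == d or host.endswith("." + d)]
    return hits

# Constructed sample proxy log lines, not real telemetry.
SAMPLE_LOG = [
    "2026-04-10T09:12:01Z src=build-01 GET https://registry.npmjs.org/webflow/-/webflow-1.0.3.tgz 200",
    "2026-04-10T09:12:04Z src=build-01 POST https://p9ia72yajp.us-east-1.awsapprunner.com/api/v1/env 200",
    "2026-04-10T09:12:05Z src=build-01 GET https://cdn.stardrop.dev/agent.js 200",
    "2026-04-10T09:13:00Z src=dev-07 GET https://stardrop.dev.example/ 404"]

def self_check():
    """Scan a throwaway tree with one constructed file: no hit against the advisory hashes,
    one hit once that file's own SHA256 is treated as an IOC."""
    with tempfile.TemporaryDirectory() as tmp:
        data = b"module.exports = 1;\n"  # constructed, benign file content
        with open(os.path.join(tmp, "index.js"), "wb") as f:
            f.write(data)
        return len(scan_tree(tmp)), len(scan_tree(tmp, sha256_set={digests(data)[0]}, md5_set=set()))
```

Run `scan_tree` against each CI runner's and developer machine's node_modules and `scan_log_lines` against egress logs back to April 9; a hash hit identifies the dropped file, a domain hit identifies a host that contacted the campaign infrastructure.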
Reference:
https://opensourcemalware.com/blog/stardrop-attack