Verdict:MALICIOUS — Full infostealer targeting Windows credentials

▸Overview

Typosquat of the popular undici HTTP client. Ships a 584KB obfuscated payload that uses @primno/dpapi to decrypt Windows saved passwords, sqlite3 to read browser credential databases, screenshot-desktop to capture screen, and ws for WebSocket exfiltration. Targets Discord tokens, Telegram sessions, crypto wallet files, and webhook credentials. Full infostealer targeting Windows development machines.

584KB

Payload Size

4

Malicious Deps

5+

Data Targets

Windows

Target OS

▸Attack Flow

Typosquat

Package name 'undicy-http' mimics the popular 'undici' HTTP client. Developers installing via typo get the stealer.

DPAPI Extraction

Uses @primno/dpapi native module to decrypt Windows Data Protection API stored credentials — browser passwords, saved logins.

Browser DB Read

sqlite3 dependency reads Chrome/Edge credential databases directly from disk after DPAPI decryption.

Multi-Target Exfil

Steals Discord tokens, Telegram session files, crypto wallet data. Takes screenshots via screenshot-desktop. Exfiltrates over WebSocket.

▸MITRE ATT&CK Mapping

T1555.003Credentials from Web Browsers — DPAPI + sqlite3

T1113Screen Capture — screenshot-desktop

T1539Steal Web Session Cookie — Discord/Telegram tokens

T1036.005Masquerading — typosquat of undici

▸Tags

TyposquatDPAPIInfostealerWindowsDiscordCrypto

▸Full Report

Windows Infostealer: undicy-http

TL;DR

undicy-http@3.0.2 is a typosquat of the Node.js undici HTTP client. It ships a single 584KB fully obfuscated index.js file containing a Windows infostealer with DPAPI password decryption, browser credential theft (Chrome/Edge), screenshot capture, Discord and Telegram token theft, cryptocurrency wallet extraction, and webhook-based data exfiltration. It declares 10 phantom dependencies (never imported via require/import) that are instead bundled into the obfuscated blob — including @primno/dpapi, sqlite3, and koffi, all of which have native install lifecycle scripts.

Package Info

Field	Value
Name	undicy-http
Version	3.0.2
Impersonates	undici (Node.js HTTP client)
Maintainer	consolelofy (duba70015@gmail.com)
Versions	6 (since 2026-03-29)
License	ISC
Package Manager	pnpm@10.8.0
Build Target	node20-win-x64 (Windows only)
Published	2026-03-29
Risk Score	910 (filter: 40, scanner: 870)

Dependencies (The Infostealer Toolkit)

Dependency	Imported in Source?	Purpose
@primno/dpapi	NO (phantom)	Windows DPAPI password decryption (has `install` lifecycle)
sqlite3	NO (phantom)	Read Chrome/Edge credential databases (has `install` lifecycle)
screenshot-desktop	NO (phantom)	Desktop screenshot capture
koffi	NO (phantom)	Foreign function interface for native APIs (has `install` lifecycle, contains `eval()`)
adm-zip	NO (phantom)	Archive stolen data
archiver	NO (phantom)	Archive stolen data
form-data	NO (phantom)	Upload exfiltrated data
rcedit	NO (phantom)	Edit Windows PE resources
crypto	NO (phantom)	Encryption operations
vm	NO (phantom)	JavaScript VM execution
axios	Yes (in blob)	HTTP client for exfiltration
ws	Yes (in blob)	WebSocket communication
fs	NO (phantom)	Filesystem access

All 10 phantom dependencies are bundled into the obfuscated index.js rather than imported normally, making static analysis impossible.

Evidence

1. Massive Obfuscated Single File

index.js is a single line of 584,471 characters — fully obfuscated with javascript-obfuscator using _0x hex-encoded variable patterns:

const a0_0x1c4de2=a0_0x8079;function a0_0x8079(_0x5098c7,_0x3d8e09){
  _0x5098c7=_0x5098c7-0x16b;const _0x2fdbfc=a0_0x2fdb(...

2. Windows DPAPI Credential Decryption

Scanner detected browser_chrome_creds rule. The package references DPAPI (Windows Data Protection API) for decrypting browser-stored passwords. The @primno/dpapi dependency provides native bindings for CryptUnprotectData, which Chrome uses to encrypt saved credentials on Windows.

3. Browser Credential Theft

From static analysis of the obfuscated code, the package targets:

Login Data — Chrome/Edge saved passwords (SQLite database)
Cookies — Browser session cookies
Local State — Chrome master key for decryption
9 distinct references to browser credential paths detected

4. Screenshot Capture

7 references to screenshot functionality detected. The screenshot-desktop dependency captures the user's desktop, likely to photograph open banking/crypto interfaces.

5. Discord Token Theft

19 references to Discord detected. Targets Discord's local storage for authentication tokens, enabling full account takeover.

6. Telegram Session Theft

10 references to Telegram detected. Steals Telegram session files, allowing the attacker to clone the victim's Telegram account.

7. Cryptocurrency Wallet Extraction

70 references to wallet-related strings detected. This is the primary payload target — extracting seed phrases, private keys, and wallet data from browser extensions and desktop wallet applications.

8. Webhook Exfiltration

5 references to webhook endpoints detected. Stolen data is sent to attacker-controlled webhook URLs (likely Discord webhooks) for collection.

9. Phantom Dependencies with Native Lifecycle Scripts

Three phantom deps have install lifecycle scripts that compile native code:

@primno/dpapi: install: "exit 0" (pre-built binaries)
koffi: install: "node src/cnoke/cnoke.js -P . -D src/koffi --prebuild" (also contains eval())
sqlite3: install: "prebuild-install -r napi || node-gyp rebuild"

10. Windows-Only Build Target

The pkg configuration targets node20-win-x64 exclusively:

"pkg": {
  "targets": ["node20-win-x64"],
  "assets": [
    "./node_modules/@primno/dpapi/prebuilds/win32-x64/@primno+dpapi.node",
    "./node_modules/sqlite3/build/Release/node_sqlite3.node"
  ]
}

This confirms the package is a Windows-specific infostealer, bundling native .node binaries for DPAPI and SQLite access.

MITRE ATT&CK Mapping

Technique	ID	Evidence
Supply Chain Compromise: Compromise Software Supply Chain	T1195.002	Typosquat of `undici` on npm
Obfuscated Files or Information	T1027	584KB single-line javascript-obfuscator output
Credentials from Password Stores: Credentials from Web Browsers	T1555.003	DPAPI decryption + Chrome Login Data/Cookies/Local State
Screen Capture	T1113	screenshot-desktop dependency, 7 references
Steal Application Access Token	T1528	Discord token theft (19 refs), Telegram session theft (10 refs)
Data from Local System	T1005	Cryptocurrency wallet extraction (70 refs)
Exfiltration Over Web Service: Exfiltration to Cloud Storage	T1567.002	Webhook-based exfiltration (5 refs)
Archive Collected Data	T1560	adm-zip + archiver dependencies
Masquerading: Match Legitimate Name or Location	T1036.005	Package name mimics `undici`
Command and Scripting Interpreter: JavaScript	T1059.007	Obfuscated JS with execSync, spawn
Native API	T1106	koffi FFI for Windows native API access
Unsecured Credentials: Credentials in Files	T1552.001	Reads browser SQLite databases directly

Verdict

Malicious — Full-Featured Windows Infostealer. This is a complete credential-stealing toolkit disguised as a typosquat of the popular undici HTTP client. It targets browsers (Chrome/Edge passwords, cookies), messaging apps (Discord, Telegram), and cryptocurrency wallets. The entire payload is obfuscated into a single 584KB line to prevent analysis. All critical dependencies are bundled as phantoms with native lifecycle scripts. This is production-grade malware.

Remediation

npm uninstall undicy-http
# Scan for compromise:
# - Rotate all browser-saved passwords
# - Revoke Discord/Telegram sessions
# - Move cryptocurrency to new wallets
# Install the real package:
npm install undici

Credits

Discovered by: Yuri Borges Martins
Tool: npm-sentinel (AI-Powered NPM Malware Hunter)
Date: 2026-04-03

← Previous

#013 AI Tool Skill Injection Campaign (4 Packages)

Next→

#015 npm Token Worm + ICP Blockchain C2

Windows DPAPI Password Stealer via Typosquat