Cybersecurity researchers reveal 7 npm packages published by a single threat actor targeting crypto users

Cybersecurity researchers have revealed a set of seven npm packages published by a single threat actor. These packages use a cloaking service called Adspect to distinguish between real victims and security researchers, ultimately redirecting them to sketchy, crypto-themed sites.

The malicious npm packages were published by a threat actor named “dino_reborn” between September and November 2025. The packages include signals-embed (342 downloads), dsidospsodlks (184 downloads), applicationooks21 (340 downloads), application-phskck (199 downloads), integrator-filescrypt2025 (199 downloads), integrator-2829 (276 downloads), and integrator-2830 (290 downloads).

Adspect poses as a cloud-based service that safeguards ad campaigns

According to its website, Adspect advertises a cloud-based service designed to protect ad campaigns from unwanted traffic, including click fraud and bots from antivirus companies. It also claims to offer “bulletproof cloaking” and that it “reliably cloaks each and every advertising platform.”

It offers three plans: Ant-Fraud, Personal, and Professional, which cost $299, $499, and $999 per month. The company also claims users can advertise “anything you want,” adding that it follows a no-questions-asked policy: we do not care what you run and do not enforce any content rules.”

Socket security researcher Olivia Brown stated, “Upon visiting a fake website constructed by one of the packages, the threat actor determines if the visitor is a victim or a security researcher […]If the visitor is a victim, they see a fake CAPTCHA, eventually bringing them to a malicious site. If they are a security researcher, only a few tells on the fake website would tip them off that something nefarious may be occurring.”

AdSpect’s ability to block researchers’ actions in its web browser

Out of these packages, six have a 39kB piece of malware that hides itself and makes a copy of the system’s fingerprint. It also attempts to evade analysis by blocking developer actions in a web browser, which prevents researchers from viewing the source code or launching developer tools.

The packages take advantage of a JavaScript feature called “Immediately Invoked Function Expression (IIFE).” It allows the malicious code to be executed immediately upon loading it in the web browser.

However, “signals-embed” does not have any malicious functionality outright and is designed to construct a decoy white page. The captured information is then sent to a proxy (“association-google[.]xyz/adspect-proxy[.]php”) to determine if the traffic source is from a victim or a researcher, and then serve a fake CAPTCHA.

After the victim clicks on the CAPTCHA checkbox, they are redirected to a bogus crypto-related page that impersonates services like StandX, with the likely goal of stealing digital assets. But if the visitors are flagged as potential researchers, a white fake page is displayed to the users. It also features HTML code related to the display privacy policy associated with a fake company named Offlido.

This report coincides with the Amazon Web Services report. It stated that its Amazon Inspector team identified and reported more than 150,000 packages linked to a coordinated TEA token farming campaign in the npm registry that has its origins in an initial wave that was detected in April 2024.

“This is one of the largest package flooding incidents in open source registry history, and represents a defining moment in supply chain security,” researchers Chi Tran and Charlie Bacon said. “Threat actors automatically generate and publish packages to earn cryptocurrency rewards without user awareness, revealing how the campaign has expanded exponentially since its initial identification.”

Source