---
title: "Stardrop Malware: NPM supply chain attack targets AI & VC"
description: "A sophisticated NPM supply chain attack dubbed Stardrop is targeting AI companies, venture capital firms, and luxury brands. Learn about the 200+ malicious packages, binary payloads, and IOCs involved in this ongoing credential-harvesting campaign."
canonical_url: "https://cloudsmith.com/blog/stardrop-npm-campaign"
last_updated: "2026-04-14T11:36:59.682Z"
---
# Stardrop Malware: NPM supply chain attack targets AI & VC

The team at **OpenSourceMalware** has identified a new software supply chain attack on the `npm` ecosystem, dubbed “[**stardrop**](https://opensourcemalware.com/blog/stardrop-attack)”. A series of malicious packages masquerade as a new AI coding agent called `stardrop`; they were last published by the `npm` registry user [**arihant1**](https://www.npmjs.com/~arihant1) 5 days ago and have since [**been removed from the registry**](https://www.npmjs.com/package/stardrop).



According to the OSM [**community threat database**](https://opensourcemalware.com/npm/stardrop), the malicious package was reported minutes after being identified as containing a malicious payload on the **9th of April**. Because the `npm` community removed these suspicious packages from the registry so quickly, the `OSV` and `GHSA` advisories weren’t able to classify them in time. That’s okay, though: they have been removed and pose no threat right now.
OSM scanned the binaries, and the payloads appear to be infostealers focused on cloud and AI credential harvesting across `AWS EC2` and `Cloudflare R2` storage, with variants tailored to Windows and macOS environments. The [**affected npm packages**](https://opensourcemalware.com/?search=%23stardrop) are listed below:



```text
A16z,abudhabi,acr-agent,addisababa,agentcoder,ai-pair,
allahabad,anaheim,andreessen,anyscale,appsmith,arbitrum,
arlington,asuncion,baltimore,bamako,bareilly,barnaul,baserow,
belfast,belgrade,berachain,bessemer-vc,bhopal,bhubaneswar,
bilbao,bito-ai,bolt-new,brussels,cardiff,cerebras-ai,chennai,
cline-ai,cnvrg,coatue,cocopilot,codeassistant,codebooga,
codecompanion,codeium,codemate,codepartner,codeqwen,
coderabbit,coderabbit-ai,codiga-ai,cody-ai,coimbatore,
continue-dev,coreweave,cortana,coveragent,cursor-ai,
dafny,dehradun,determined-ai,devika,dfjgrowth,dongguan,
dragonfly-vc,eindhoven,faridabad,felicis-vc,fireworks-ai,
foshan,founders-fund,foundersf,frankfurt,fukuoka,
gangtok,ggv-capital,ghaziabad,ghostty-cli,givenchy,
gothenburg,groq-ai,gurgaon,guwahati,hamburg,hanover,
helix-editor,howrah,huggingface-cli,imphal,inflection-ai,
instacart,irkutsk,isabelle,islamabad,jacksonville,jodhpur,
johannesburg,kamatera,kampala,kanpur,khartoum,khosla-vc,
kinshasa,kolkata,lamborghini,lapaz,lapce-editor,lille,
lmstudio-cli,louisville,louisvuitton,lovable-ai,luanda,
lucknow,lux-capital,madrid,madurai,mangalore,marseille,
matrixpartners,midjourney-ai,milwaukee,mogadishu,
mosaic-ml,multicoin-vc,munich,nashik,northface,nusmv,
ohmyzsh,omaha,paperspace,paradigm-vc,patagonia,
philadelphia,polychain,pondicherry,qingdao,rajkot,
redpoint-vc,reebok,rewind-ai,ribbit-capital,riyadh,
runpod,sacramento,saintpetersburg,sanjose,santaana,
seville,shenyang,smol-developer,socialcapital,
sourcepilot,sourcery-ai,squarespace,srinagar,starcoder,
stardrop-darwin-x64-baseline,stardrop-linux-arm64,
stardrop-linux-arm64-musl,stardrop-linux-x64,
stardrop-linux-x64-musl,stardrop-windows-x64,
stardrop-windows-x64-baseline,strasbourg,stuttgart,
supermaven,supermaven-ai,tabby-ai,tabnine-ai,
taskweaver,tianjin,tirupati,tiruppur,tolyatti,
tooljet,trivandrum,ujjain,upstartportal,utrecht,
v0-dev,vadodara,valentino,varanasi,versace,vijayawada,
visakhapatnam,warp-terminal,warsaw,webflow,wichita,
windsurf-ai,wizardcoder,ycombinator,zaragoza,zed-editor
```



As always, if you’re a Cloudsmith user, you can apply age-based ([**cooldown**](https://cloudsmith.com/changelog/upstream-publish-date-added-for-additional-formats)) policies to block newly published packages. In the case of the stardrop campaign, all of the malicious npm packages were removed less than a day after the campaign began.



Blocking packages that are less than **X number of days old** is one of the most effective ways to stop this class of attack, as it gives security researchers (like our friends at OSM) time to identify the suspicious payload. In 2025, _99% of malicious npm packages were identified and officially verified within 72 hours_, so a simple cooldown policy significantly reduces exposure to this attack vector.
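As an added example (not Cloudsmith’s or OSM’s own code), here is the cooldown rule above applied to an npm registry metadata document. It relies on the registry’s documented `time` map (version to ISO publish timestamp, plus `created` and `modified`) and `dist-tags.latest`; the two packages and their timestamps are constructed for the demonstration.

```javascript
// Added example, not Cloudsmith's or OSM's code: an age-based "cooldown"
// check over an npm registry metadata document. Assumes the documented
// registry shape: `time` maps each version (plus created/modified) to an ISO
// publish timestamp, and `dist-tags.latest` names the current release.
const DAY_MS = 24 * 60 * 60 * 1000;

// Constructed metadata for a hypothetical package that, like stardrop,
// first appeared in the registry only days before the check runs.
const FRESH_PACKAGE = {
  "dist-tags": { latest: "1.0.2" },
  time: {
    created: "2026-04-08T10:00:00.000Z",
    "1.0.0": "2026-04-08T10:00:00.000Z",
    "1.0.2": "2026-04-09T02:00:00.000Z",
  },
};

// Constructed metadata for a long-established package with a brand-new release.
const ESTABLISHED_PACKAGE = {
  "dist-tags": { latest: "4.2.0" },
  time: {
    created: "2021-03-01T00:00:00.000Z",
    modified: "2026-04-09T12:00:00.000Z",
    "4.1.1": "2026-01-15T00:00:00.000Z",
    "4.2.0": "2026-04-09T12:00:00.000Z",
  },
};

// Returns { allowed, version, reason }: the most recently published version
// that is at least minAgeDays old, or a block decision when the package
// itself (or every one of its versions) is younger than the cooldown.
function resolveWithCooldown(doc, minAgeDays, now = Date.now()) {
  const cutoff = now - minAgeDays * DAY_MS;
  // A package younger than the cooldown has no history to lean on at all;
  // stardrop went from first publish to removal in under a day.
  if (Date.parse(doc.time.created) > cutoff) {
    return { allowed: false, version: null, reason: "package-too-new" };
  }
  const oldEnough = Object.entries(doc.time)
    .filter(([k, ts]) => k !== "created" && k !== "modified" && Date.parse(ts) <= cutoff)
    .sort((a, b) => Date.parse(b[1]) - Date.parse(a[1])); // newest publish first
  if (oldEnough.length === 0) {
    return { allowed: false, version: null, reason: "no-version-old-enough" };
  }
  const version = oldEnough[0][0];
  const latest = doc["dist-tags"].latest;
  return { allowed: true, version, reason: version === latest ? "latest" : `latest ${latest} held back` };
}
```

Ordering is by publish time rather than semver, so a backported patch published after a newer release would be chosen over it; a production check would pair this with the version range the project actually requests.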
