Security researchers at Kaspersky identified a malicious npm package, https-proxy-utils, masquerading as a proxy utility and abusing npm lifecycle scripts to deploy AdaptixC2 across Windows, macOS, and Linux. Although the package has been removed from npm, the incident highlights persistent weaknesses in open-source software supply chains and the growing abuse of post‑install hooks to gain initial access.
Package impersonation: exploiting developer trust and typosquatting
The package name https-proxy-utils was designed to resemble legitimate libraries such as http-proxy-agent and https-proxy-agent, which collectively receive tens of millions of downloads weekly. This tactic—often called typosquatting or contextual impersonation—relies on developers pulling familiar‑looking dependencies without closely inspecting the publisher, repository history, or code.
Inside, a postinstall script fetched and executed AdaptixC2, establishing a command‑and‑control (C2) foothold capable of remote tasking, file operations, and persistence. Lifecycle scripts run automatically during dependency installation, making them a high‑leverage vector for adversaries targeting developer machines and build agents.
AdaptixC2: legitimate red team tooling with abuse potential
AdaptixC2 is an extensible post‑exploitation framework introduced in 2024, featuring a Go‑based server and a C++/Qt client with cross‑platform support for Windows, Linux, and macOS. Like other C2 platforms used by red teams, it is dual‑use and has been observed in real‑world intrusions in 2025. The broader trend mirrors prior abuse of frameworks such as Cobalt Strike and Havoc, where freely available or leaked tooling is repurposed by threat actors.
Technical breakdown: cross‑platform persistence and execution
Windows: DLL sideloading via a trusted binary
On Windows, the payload was stored under C:\Windows\Tasks and launched using DLL sideloading—a technique that coerces a legitimate executable to load a malicious DLL with a matching name. The script copied msdtc.exe into the same directory and executed it, causing the trusted binary to load the attacker‑controlled DLL. This approach complicates detection by blending malicious activity with a signed, legitimate process.
macOS: LaunchAgents with architecture‑specific binaries
On macOS, the malware dropped its components into ~/Library/LaunchAgents and installed a plist for automatic execution. The script determined the host architecture (x64 or ARM) and retrieved the appropriate binary, ensuring reliable execution across Apple silicon and Intel systems.
Linux: hidden temporary paths and execute permissions
On Linux, the agent was staged in /tmp/.fonts-unix, a hidden directory commonly abused for stealth and short‑lived payloads. The script set execute permissions and selected the binary per system architecture, enabling immediate operator control and persistence mechanisms depending on follow‑on actions.
Why this matters: escalating open-source supply chain attacks
The case reinforces a steady rise in open-source supply chain attacks using public registries as an initial access vector. Notable precedents include event-stream (2018), UAParser.js (2021), and the IconBurst campaign (2022). Adversaries increasingly combine social engineering (package impersonation) with living‑off‑the‑land techniques like DLL sideloading to evade static checks and signature‑based detection.
Developer workstations and CI/CD runners are high‑value targets: compromising them enables credential theft, source code tampering, and downstream infiltration. Because lifecycle scripts execute during installation, traditional code reviews or repository scans alone are insufficient; behavioral telemetry and integrity verification are required.
Risk reduction: practical controls for Dev, Sec, and IT operations
- Enforce dependency governance: lock files, pinned versions, and allow‑lists for critical packages.
- Adopt artifact signing and integrity verification (e.g., npm integrity, Sigstore, SLSA) across the build chain.
- Restrict npm lifecycle scripts by default in CI/CD; allow only vetted packages and consider sandboxed installation.
- Monitor developer and build hosts for anomalous outbound connections and unexpected process trees.
- Deploy EDR/XDR with detections for DLL sideloading, unauthorized LaunchAgents, and execution from hidden/temp paths.
- Inventory autoruns regularly and audit permissions on system directories.
- Train developers to spot typosquatting and verify publishers, GitHub links, and release histories before adoption.
The https-proxy-utils incident demonstrates how quickly attackers can capitalize on trust in open ecosystems. Strengthening dependency verification, enabling artifact signing, and adding behavioral monitoring to developer and CI/CD environments can break the kill chain before C2 tooling is deployed. Review your policies for post‑install scripts and persistence mechanisms on engineering endpoints—small process changes substantially shrink the attack surface.
