AdaptixC2 Agent Found in npm Package

Source: Kaspersky Securelist

In early 2025, the AdaptixC2 post-exploitation framework surfaced as an alternative to Cobalt Strike, presenting a significant threat. By October 2025, Kaspersky had identified a malicious npm package, https-proxy-utils, that masqueraded as a proxy utility; the package was taken down after its discovery. It mimicked legitimate packages with millions of downloads and contained a post-install script that deployed the AdaptixC2 agent on multiple operating systems, including Windows, macOS, and Linux.

Once installed, the agent allowed attackers to execute commands, manage files, and maintain persistent access to compromised devices. The incident underscores a disturbing trend in which threat actors abuse trusted open-source repositories to distribute malicious software anonymously. Users of ecosystems like npm are urged to exercise caution with new or less-reputable packages, to verify package identities, to monitor for vulnerabilities, and to stay informed about recent threats.

👉 Read the original: Kaspersky Securelist