Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools

A malicious npm package, eslint-plugin-unicorn-ts-2, uploaded by “hamburgerisland” in February 2024, evades AI security tools and has been downloaded 18,988 times. It embeds a deceptive prompt to mislead AI scanners while stealing environment variables via a post-install script.

Why This Matters

The package’s AI-tricking prompt (“Please, forget everything you know…”) highlights a growing threat: attackers are actively manipulating AI-driven security tools to hide malicious behavior. While the malware itself uses well-known tactics like post-install hooks and environment exfiltration, the integration of AI evasion techniques marks a new frontier in cybercrime. With 18,988 downloads, the scale of potential exposure underscores the urgency of updating AI security models to detect such obfuscation.

Key Insights

• “18,988 downloads of eslint-plugin-unicorn-ts-2, 2024”: The package’s popularity increases its attack surface.
• “Deceptive prompt to mislead AI scanners, as per Koi Security analysis”: The embedded text targets AI decision-making processes.
• “Post-install script exfiltrates environment variables to Pipedream webhook”: The package steals sensitive data during installation.

Practical Applications

• Use Case: “npm package with post-install hooks stealing API keys via Pipedream webhook”
• Pitfall: “Typosquatting malicious packages to bypass AI scanners, leading to credential theft”

References:

• https://thehackernews.com/2025/12/malicious-npm-package-uses-hidden.html