PhantomRaven Malware Found in 126 npm Packages Stealing GitHub Tokens From Devs
October 30, 2025
SkillMX Editorial Desk
The campaign has been codenamed PhantomRaven by Koi Security. Over 100 malicious packages can steal authentication tokens, CI/CD secrets, and GitHub credentials. The activity is assessed to have begun in August 2025.