In this episode, we break down the recent compromise of the rand-user-agent NPM package—an attack that quietly turned a once-trusted JavaScript library into a delivery mechanism for a Remote Access Trojan (RAT). The attacker exploited the package’s deprecated but still-popular status, publishing malicious versions that never appeared in the GitHub repo.
We discuss how the threat actor used obfuscated code, off-screen whitespace tricks, and a Windows-specific PATH hijack to hide their RAT, which established a command-and-control (C2) channel capable of remote shell access, file uploads, and command execution. You’ll also hear how this incident fits into broader trends of CI/CD pipeline poisoning and software supply chain attacks—and what developers, security teams, and enterprises should do to avoid being the next target.