Which versions of @glitchpad/throttler are malicious?

The following npm versions of @glitchpad/throttler are flagged malicious: 2.1.1, 2.2.1, 2.2.2, 2.2.3, 2.2.4. Treat any of these as compromised.

How do I remediate @glitchpad/throttler if I installed it?

@glitchpad/throttler is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.

I already installed @glitchpad/throttler — how do I know if it already compromised me?

If @glitchpad/throttler was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.

Is @glitchpad/throttler part of a known attack campaign?

Yes — @glitchpad/throttler is associated with the IN-MAL-2026-007328, IN-MAL-2026-007320, IN-MAL-2026-007321, IN-MAL-2026-007322, IN-MAL-2026-007324 campaign. Packages in the same campaign often share infrastructure and payloads, so check whether any related packages are also in your dependency tree.

How do I find @glitchpad/throttler across my projects, lockfiles, and CI pipelines?

Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @glitchpad/throttler (5 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @glitchpad/throttler across your stack and pipelines.

Malicious package

@glitchpad/throttlernpm

Malicious code in @glitchpad/throttler (npm) Remove it immediately and rotate any exposed credentials.

MAL-2026-6307

Immediate action

Remove the package, then rotate any secrets the build/runtime could reach.

npm uninstall @glitchpad/throttler

What this malware does

@glitchpad/throttler (malicious version 2.2.3, published by [email protected]) is a trojanized npm package belonging to the wshu.net credential-stealer campaign. The campaign published trojanized look-alike utility packages across 12+ scopes whose publisher accounts all follow the pattern <scope>-<6 random chars>@wshu.net, with every scope created on June 4, 2026 in a ~40-minute burst. This package masquerades as a throttler utility and ships real, working utility code so it passes a glance, while bundling a much larger malicious payload at primer.cjs. package.json declares a postinstall hook ("node ./primer.cjs") that runs the payload automatically on npm install. The payload is heavily obfuscated with javascript-obfuscator (hex-named identifiers, a while (!![]) array-rotation IIFE, base64+RC4 string decoding, control-flow flattening, and runtime-decrypted module resolution to stay out of the static module graph). At runtime it is a Chromium browser credential stealer: it reads Chromium Cookies and Login Data and decrypts saved passwords protected by AES-256-GCM (the v10/v11 app-bound key schemes), then exfiltrates them over HTTPS using a spoofed Mozilla/5.0 user agent. The payload blob is byte-identical to @lazyutil/[email protected] from the same campaign. Malicious payload primer.cjs SHA-256: 68b4fe54a4c05cd0115535ebd4aa8d3cccb03ea5a685f440314814ba1b89e875.

package.json declares postinstall: node./primer.cjs. primer.cjs is a 262 KB heavily obfuscated loader (RC4-decoded string array of 1176 entries, control-flow flattening, self-defending anti-debugger regex trap on Function.prototype.toString) that AES-256-GCM-decrypts a hardcoded URL at runtime, performs an HTTPS request with redirect following, writes the response bytes to a temp file, and then spawns a detached Node process against that file (spawn(process.execPath, [tmp], {detached:true, stdio:'ignore'})). The fetched bytes are opaque and the destination is only revealed after runtime decryption. The same dropper is also reachable from the public library API: index.cjs's addToQueue calls require('./primer.cjs').runPrepare?.() on every queue add, so the payload also fires the first time a consumer uses the advertised throttler — defeating the npm install --ignore-scripts mitigation. Publisher metadata is throwaway-shaped (ProtonMail author email, repository pointing at an unrelated personal experiments repo). The package's advertised purpose is an async throttle utility; there is no legitimate reason for it to ship an obfuscated encrypted-URL dropper.

Malicious versions

5 flagged

2.1.12.2.12.2.22.2.32.2.4

Indicators of compromise (SHA-256)

173ec2afb1c6877fc445a5600ee03b15c557b7ae4d996f166e01f5983a4b904c

60ffa9bdf180aec157894e395106c8dd7f18fa1f83ff9828d94a9070dbf8cc2e

eb099dd3861e133ea9bdb606f2b5d9b90697242ae93bb412d7c9523218510ac3

1af6a5618ebe31fb7a247f46424420713e5621659b3ba30666696240e4e90847

4d1c3bfa0648adaa32e18654724f554654c0068d631f3631bdf9d3974b69920c

Detection & response playbook

Credential / info stealer

Find it
Scan your lockfiles (package-lock.json, pnpm-lock.yaml, yarn.lock, requirements.txt, poetry.lock, etc.) and build artifacts for @glitchpad/throttler (5 malicious versions). O3 Security's supply-chain scanner checks every dependency against known-malicious package intelligence at install time and in CI, flagging @glitchpad/throttler across your stack and pipelines.
If you installed it — respond
@glitchpad/throttler is built to steal secrets, so assume every credential the build or runtime could read is compromised. Remove it from your project and lockfile, then rotate ALL exposed secrets — npm/registry tokens, cloud keys, CI/CD secrets, SSH keys, and any .env values — from a known-clean machine. Audit logs for unauthorized use of those credentials.
Did it already run?
If @glitchpad/throttler was ever installed, its post-install/runtime payload may have already executed. O3's L7 egress monitoring and runtime eBPF sensors detect the credential exfiltration or command-and-control callback after install and block the malicious outbound channel, so you catch and contain the actual compromise — not just the presence of the package.
How O3 protects you
O3 blocks @glitchpad/throttler before install through its supply-chain scanner, and if it has already run, detects and severs the exfiltration or C2 callback at runtime through L7 egress monitoring and eBPF.

Frequently asked questions

No. @glitchpad/throttler on npm has been identified as a malicious package (versions 2.1.1, 2.2.1, 2.2.2, 2.2.3, 2.2.4 flagged). It should be removed immediately — do not install or keep it in your dependency tree.

Campaign

IN-MAL-2026-007328IN-MAL-2026-007320IN-MAL-2026-007321IN-MAL-2026-007322IN-MAL-2026-007324

References

Credits

Amazon Inspector · finder
SafeDep · finder

Detect & block this

O3 blocks @glitchpad/throttler-class packages before install and in CI — and if it already ran, its runtime egress monitoring catches the credential exfiltration and severs the channel.

Malware detection Runtime egress monitoring