forge-jsxy npm RAT Steals Crypto Wallets and Leaves a Persistent Backdoor


A malicious npm package called forge-jsxy has been used to steal cryptocurrency wallet data, browser secrets, developer credentials, screenshots, clipboard content, and system files from Windows, macOS, and Linux machines.

SafeDep says the package continued an earlier malicious campaign tied to forge-jsx after the original package was removed from npm. The new package shipped 22 versions between May 4 and May 26, 2026, under the maintainer account jacksonkaandorp2.

The campaign stands out because the malware did not remain static. Each wave added new features, including WebRTC peer-to-peer channels, crypto wallet scanning, Chromium extension database theft, remote file browsing, and persistence that can survive a normal npm uninstall.

forge-jsxy Continued the Earlier forge-jsx Campaign

The campaign began with forge-jsx, a malicious package that posed as a Node.js integration layer for Autodesk Forge. After npm replaced forge-jsx with a security placeholder on May 4, the attacker returned within hours with forge-jsxy, keeping the same version number sequence and similar technical infrastructure.

The OSV advisory tracks forge-jsxy as malicious code in npm and says the package is part of the same campaign as forge-jsx. OSV also notes that it impersonates a legitimate Autodesk Forge SDK by using the same fake description.

Earlier SafeDep research on forge-jsx found that the original package deployed a multi-platform remote access trojan on non-CI machines. It captured keystrokes, monitored clipboard activity, scanned environment files, read shell history, and opened a WebSocket-based file browsing backdoor.

What Happens When a Developer Installs the Package

The infection starts during package installation. The malicious package uses npm’s postinstall lifecycle hook to run code automatically after install. On a developer machine, that hook deploys a hidden agent that begins collecting data and connecting back to attacker-controlled infrastructure.

The malware checks for continuous integration environments such as GitHub Actions, GitLab CI, Travis, CircleCI, Jenkins, and TeamCity. If it detects an automated build system, it can skip execution to avoid exposing itself during security scans or test runs.

On real developer machines, the agent can collect host information, monitor keystrokes, watch clipboard changes, search for secrets, and send data to a command-and-control server. That makes the package especially dangerous for developers who store API keys, cloud tokens, SSH credentials, or wallet files on their workstation.

Key forge-jsxy Capabilities

| Capability | What it targets | Risk |
| --- | --- | --- |
| Crypto wallet scanning | Wallet files, seed phrases, private keys, and wallet-related data | Direct financial theft |
| Browser extension theft | Chromium extension databases across 21+ browsers | Wallet and session compromise |
| Keylogging | Typed credentials and secrets | Password and token exposure |
| Clipboard monitoring | Copied passwords, tokens, wallet addresses, and commands | Credential theft and wallet fraud |
| Screenshot capture | Desktop activity | Exposure of dashboards, chats, and sensitive documents |
| Remote file browsing | Local files and directories | Source code, keys, and documents can be exfiltrated |
| WebRTC data channels | Peer-to-peer attacker communication | Faster traffic path outside the main relay |
| Auto-upgrades | Installed malware agent | Attackers can push new versions silently |

The package evolved quickly. Early forge-jsxy versions carried the core RAT capabilities from forge-jsx. Later versions added screenshots sent through Discord webhooks, a web-based file explorer, WebRTC data channels, crypto scanning, and Chromium extension database harvesting.

On May 18, the operator reportedly pushed six versions in about ten hours, adding a cryptocurrency scanning framework. That scanner searched the file system for wallet material and validated possible finds before storing them in a hidden local vault.

By the final phase, the malware could harvest extension databases from Chrome, Edge, Brave, Opera, and other Chromium-based browsers. This matters because many crypto wallets, including browser wallet extensions, store sensitive operational data inside browser profiles.

Why npm Uninstall May Not Remove the Threat

The most dangerous part of forge-jsxy is its persistence. Starting with version 1.0.81, the malware copied its agent outside node_modules. That means removing the npm package may remove the dependency listing but leave the backdoor running.

SafeDep’s forge-jsxy analysis lists durable agent paths for Linux, macOS, and Windows, along with startup mechanisms such as systemd, LaunchAgent, Task Scheduler, and a Windows run key. The same report says stolen data flowed to the C2 server at 204.10.194.247 and attacker-controlled Hugging Face repositories.

| Platform | Persistence location | Startup method |
| --- | --- | --- |
| Linux | ~/.local/share/cfgmgr/.forge-jsxy/ | systemd user service |
| macOS | ~/Library/Application Support/CfgMgr/data/.forge-jsxy/ | LaunchAgent |
| Windows | %LOCALAPPDATA%\CfgMgr\data\.forge-jsxy\ | Task Scheduler and registry run key |

The MAL-2026-3609 entry also says persistence survives reboots through platform-specific startup methods. It recommends treating the package as malicious from the point of installation, not only after an import in application code.

Developers Should Treat Secrets as Compromised

Any developer who installed forge-jsxy should treat the affected machine as compromised. A normal package removal is not enough because the agent may remain outside the project directory.

  • Disconnect the affected machine from sensitive accounts and networks.
  • Remove the durable agent directory for the operating system.
  • Delete the related systemd service, LaunchAgent, Task Scheduler task, or Windows run key.
  • Rotate API keys, cloud credentials, SSH keys, database passwords, and npm tokens.
  • Review shell history and environment files for exposed secrets.
  • Audit browser sessions and revoke suspicious logins.
  • Move crypto funds to new wallets generated on a clean device.
  • Check repositories and CI/CD systems for secrets that may have been copied from the workstation.

The earlier forge-jsx analysis gave similar guidance for developers who installed the predecessor package. It advised removing persistence entries, rotating secrets from environment files and shell history, and treating credentials typed or stored on the machine as exposed.

Why This Campaign Matters for the npm Ecosystem

Malicious packages often rely on quick typosquatting, simple credential theft, and short-lived infrastructure. forge-jsxy looks different because it behaved more like an actively maintained software project, with many releases and a growing feature set.

The attacker also returned quickly after the original package was removed. That relaunch shows why registry takedowns help but do not fully solve supply chain malware. Developers and organizations still need dependency controls, package reputation checks, lifecycle-script monitoring, and fast incident response when a malicious package slips through.

Security teams should pay special attention to packages that run postinstall scripts, packages published by new maintainers, packages with vague descriptions, and packages that imitate popular SDKs. In this case, the fake Autodesk Forge description gave the malicious package a plausible reason to exist.

FAQ

What is forge-jsxy?

forge-jsxy is a malicious npm package that continued the earlier forge-jsx RAT campaign. It posed as a Node.js integration layer for Autodesk Forge while deploying a cross-platform remote access trojan on developer machines.

What data can forge-jsxy steal?

forge-jsxy can steal browser and wallet-related data, environment files, shell history, clipboard content, screenshots, keystrokes, and developer secrets. Later versions also added crypto wallet scanning and Chromium extension database theft.

Does npm uninstall remove forge-jsxy completely?

Not necessarily. Starting with later versions, forge-jsxy copied its agent outside node_modules and created startup entries. Developers should manually remove the durable agent directory and related startup service before considering the machine clean.

Which platforms are affected by forge-jsxy?

The malware is cross-platform and can affect Windows, macOS, and Linux systems. It uses different persistence methods for each operating system, including systemd, LaunchAgent, Task Scheduler, and Windows run keys.

What should developers do if they installed forge-jsxy?

Developers should remove persistence entries, delete the durable agent directory, rotate all credentials and API keys, revoke suspicious sessions, audit repositories and environment files, and move cryptocurrency funds to wallets created on a clean device.
