{"id":2094,"date":"2026-03-24T12:05:32","date_gmt":"2026-03-24T12:05:32","guid":{"rendered":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/"},"modified":"2026-03-24T12:05:32","modified_gmt":"2026-03-24T12:05:32","slug":"ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials","status":"publish","type":"post","link":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/","title":{"rendered":"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials"},"content":{"rendered":"<div>Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data.<br \/>\nThe activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below &#8211;<\/p>\n<p>react-performance-suite<br \/>\nreact-state-optimizer-core<br \/>\nreact-fast-utilsa<br \/>\nai-fast-auto-trader<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below &#8211; react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[90],"tags":[91],"class_list":["post-2094","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","tag-cybersecurity"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials - Imperative Business Ventures Limited<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials - Imperative Business Ventures Limited\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below &#8211; react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader\" \/>\n<meta property=\"og:url\" content=\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/\" \/>\n<meta property=\"og:site_name\" content=\"Imperative Business Ventures Limited\" \/>\n<meta property=\"article:published_time\" content=\"2026-03-24T12:05:32+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"headline\":\"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials\",\"datePublished\":\"2026-03-24T12:05:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/\"},\"wordCount\":62,\"keywords\":[\"Cybersecurity\"],\"articleSection\":[\"Cybersecurity\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/\",\"url\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/\",\"name\":\"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials - Imperative Business Ventures Limited\",\"isPartOf\":{\"@id\":\"https:\/\/blog.ibvl.in\/#website\"},\"datePublished\":\"2026-03-24T12:05:32+00:00\",\"author\":{\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\"},\"breadcrumb\":{\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/blog.ibvl.in\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/blog.ibvl.in\/#website\",\"url\":\"https:\/\/blog.ibvl.in\/\",\"name\":\"Imperative Business Ventures Limited\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/blog.ibvl.in\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\/\/blog.ibvl.in\"],\"url\":\"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials - Imperative Business Ventures Limited","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/","og_locale":"en_US","og_type":"article","og_title":"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials - Imperative Business Ventures Limited","og_description":"Cybersecurity researchers have uncovered a new set of malicious npm packages that are designed to steal cryptocurrency wallets and sensitive data. The activity is being tracked by ReversingLabs as the Ghost campaign. The list of identified packages, all published by a user named mikilanjillo, is below &#8211; react-performance-suite react-state-optimizer-core react-fast-utilsa ai-fast-auto-trader","og_url":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/","og_site_name":"Imperative Business Ventures Limited","article_published_time":"2026-03-24T12:05:32+00:00","author":"admin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"admin"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/#article","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/"},"author":{"name":"admin","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"headline":"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials","datePublished":"2026-03-24T12:05:32+00:00","mainEntityOfPage":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/"},"wordCount":62,"keywords":["Cybersecurity"],"articleSection":["Cybersecurity"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/","url":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/","name":"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials - Imperative Business Ventures Limited","isPartOf":{"@id":"https:\/\/blog.ibvl.in\/#website"},"datePublished":"2026-03-24T12:05:32+00:00","author":{"@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02"},"breadcrumb":{"@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/blog.ibvl.in\/index.php\/2026\/03\/24\/ghost-campaign-uses-7-npm-packages-to-steal-crypto-wallets-and-credentials\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/blog.ibvl.in\/"},{"@type":"ListItem","position":2,"name":"Ghost Campaign Uses 7 npm Packages to Steal Crypto Wallets and Credentials"}]},{"@type":"WebSite","@id":"https:\/\/blog.ibvl.in\/#website","url":"https:\/\/blog.ibvl.in\/","name":"Imperative Business Ventures Limited","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/blog.ibvl.in\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/55b87b72a56b1bbe9295fe5ef7a20b02","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blog.ibvl.in\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4d20b2cd313e4417a599678e950e6fb7d4dfa178a72f2b769335a08aaa615aa9?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/blog.ibvl.in"],"url":"https:\/\/blog.ibvl.in\/index.php\/author\/admin_hcbs9yw6\/"}]}},"_links":{"self":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2094","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/comments?post=2094"}],"version-history":[{"count":0,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/posts\/2094\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/media?parent=2094"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/categories?post=2094"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.ibvl.in\/index.php\/wp-json\/wp\/v2\/tags?post=2094"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}