npm

mgc

mgc is identified in the SafeDep analysis "Compromised npm Package mgc Deploys Multi-Platform RAT". The npm package mgc was compromised via account takeover, with four malicious versions published in rapid succession deploying a full Remote Access Trojan targeting macOS, Windows, and Linux.

discovered 2026-04-03

Threat types

ratcredential_stealerdata_exfiltrationpersistencec2_agent

Malicious versions

1.2.1
1.2.2
1.2.3
1.2.4

Campaigns

No Specific Campaignattributed-to

Indicators

domainadmondtamang.com.npcommunicates-with
domaingist.github.comcommunicates-with
domaingist.githubusercontent.comcommunicates-with
sha25640aa5d412a50db79a814ac5ad65237745727cb4777843d66a760f64285a5a3e6indicates
sha11c5d51c2002f452a4dd58a1a73a9dd90a7fe0297indicates
md5814132e794e5d007e9b8ebd223a9494findicates
md50c0fc7a0c23cdb5e1c8f66b208053ed6indicates
email[email protected]exfiltrates-to

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1552.001 Unsecured Credentials: Credentials In Filesuses
ttpT1041 Exfiltration Over C2 Channeluses
ttpT1528 Steal Application Access Tokenuses
ttpT1105 Ingress Tool Transferuses
ttpT1071.001 Application Layer Protocol: Web Protocolsuses
ttpT1102 Web Serviceuses
ttpT1546 Event Triggered Executionuses

Read the full analysis →