Malicious package with AdaptixC2 framework agent found in npm registry
released on 2025-10-17 @ 11:53:05 AM
A malicious package named 'https-proxy-utils' was discovered in the npm registry, posing as a utility for using proxies but containing a post-install script that downloads and executes the AdaptixC2 post-exploitation framework agent. The package mimicked popular legitimate packages and cloned functionality from another package. The script included payload delivery methods for Windows, Linux, and macOS, using specific techniques for each operating system. Once deployed, the AdaptixC2 agent provides remote access, command execution, and persistence capabilities. This incident highlights the growing trend of abusing open-source software ecosystems as an attack vector, following a similar high-profile incident involving the Shai-Hulud worm.
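The delivery mechanism described above depends on npm running a package's install-time lifecycle script. The following audit is an added example, not code from the original report or from npm: it lists every dependency that declares such a hook and notes why the command deserves review. The package names, sample manifests and risk patterns are constructed assumptions.

```javascript
// Added example: flag dependencies whose package.json runs code at install time.
// Hook names are npm's install lifecycle scripts; the heuristics below are assumptions.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Assumed, non-exhaustive patterns that make an install hook worth manual review.
const RISK_PATTERNS = [
  { reason: "network fetch", re: /\b(curl|wget|Invoke-WebRequest|iwr|bitsadmin)\b/i },
  { reason: "shell or interpreter launch", re: /\b(sh|bash|cmd|powershell|pwsh|python3?)\b/i },
  { reason: "runs bundled script", re: /\bnode\s+[^-\s]\S*/i },
  { reason: "inline eval", re: /\bnode\s+(-e|--eval)\b/i },
];

// Return one finding per install-time hook declared in a parsed package.json.
function auditManifest(manifest) {
  const scripts = manifest.scripts || {};
  const findings = [];
  for (const hook of INSTALL_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string" || command.trim() === "") continue;
    const reasons = RISK_PATTERNS.filter((p) => p.re.test(command)).map((p) => p.reason);
    findings.push({ name: manifest.name, version: manifest.version, hook, command, reasons });
  }
  return findings;
}

// Audit a set of manifests, skipping packages already reviewed and allowlisted.
function auditDependencies(manifests, allowlist = new Set()) {
  return manifests.filter((m) => !allowlist.has(m.name)).flatMap(auditManifest);
}

// Constructed sample manifests, as they would be read from node_modules/*/package.json.
const SAMPLE_MANIFESTS = [
  { name: "example-proxy-helper", version: "1.0.0", scripts: { postinstall: "node scripts/setup.js" } },
  { name: "example-native-addon", version: "2.3.1", scripts: { install: "node-gyp rebuild" } },
  { name: "example-plain-lib", version: "0.4.0", scripts: { test: "mocha" } },
];

for (const f of auditDependencies(SAMPLE_MANIFESTS)) {
  const why = f.reasons.length ? f.reasons.join(", ") : "no pattern matched, hook still runs";
  console.log(`${f.name}@${f.version} ${f.hook}: "${f.command}" (${why})`);
}
```

Installing with `npm install --ignore-scripts` prevents these hooks from running at all, so findings can be reviewed before any package code executes.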