A new supply chain attack has emerged, targeting software developers who utilize AI coding tools. On March 20, 2026, a malicious npm package named gemini-ai-checker was released under the guise of a utility for verifying Google Gemini AI tokens. This package, along with two others, was designed to infiltrate developer environments and steal sensitive information.
The attack was orchestrated by a threat actor who published the package under the account gemini-check. The package appeared legitimate, with a README copied from an unrelated JavaScript library, chai-await-async, which should have been a warning sign. Once installed, the package contacted a Vercel-hosted server to download and execute a JavaScript payload, which was traced back to a known JavaScript backdoor linked to North Korean threat actors.
The technical execution of the attack was sophisticated, designed to evade detection. The package was larger than typical token checkers and included a file that split its command-and-control configuration into separate variables to avoid detection. Upon installation, the package reassembled these pieces to contact the server, executing the payload directly in memory to bypass traditional security tools.
The impact of this attack is significant, as it specifically targets AI developer tools, exposing API keys, conversation logs, and source code to theft. The malware also targeted browser credentials and cryptocurrency wallets, posing a broad threat to developers’ digital assets.
To mitigate such threats, developers should carefully verify npm package contents before installation and monitor for mismatches between package names and documentation. Blocking or monitoring outbound connections to Vercel and using detection queries can help identify suspicious activities. Reporting any suspicious packages can aid in community defense efforts against such sophisticated attacks.
Source: https://cybersecuritynews.com/hackers-use-fake-gemini-npm-package/