Security researchers found a malicious npm package called ansi-universal-ui on January 23, 2026, which posed as a genuine user interface component library. The misleading package description promised a lightweight user interface system for contemporary web applications.
Beneath this seemingly innocent exterior, however, was G_Wagon, a highly advanced multi-stage information stealer created to extract private data from victims' computers. G_Wagon functions as a sophisticated attack framework that downloads its own Python runtime and runs heavily obfuscated code in order to extract browser credentials, cryptocurrency wallet data, cloud credentials, and messaging tokens. The malware demonstrates advanced technical capability by injecting an embedded Windows DLL directly into browser processes via native NT APIs. The stolen information is exfiltrated to Appwrite storage buckets under the attackers' control.
Careful planning is evident in the infection process. The malicious code was automatically activated by a postinstall hook when users installed ansi-universal-ui. To avoid writing files to disk, the dropper component retrieves a Python payload from command and control servers, pipes it through stdin, and runs the destructive stealer in memory.
Aikido analysts and researchers discovered the malware after tracking the development of the attack across several package releases between January 21 and January 23.

Evasion of Detection via Constant Evolution

G_Wagon's quick evolution and advanced evasion strategies are especially worrisome. Over the course of two days, the attackers released ten different package versions, gradually improving their strategy. Early iterations included only a basic placeholder script to test the dropper infrastructure.
By version 1.3.5, they included authentic-looking branding and comprehensive README files that described made-up elements like a "ThemeProvider" and a "Virtual Rendering Engine." In subsequent iterations, the attackers progressively improved obfuscation. In order to avoid pattern matching, hex-encoded command and control URLs were introduced in version 1.4.1.
To make the code resemble graphics rendering rather than malware, they renamed directories from python_runtime to lib_core/renderer and changed variable names from pythonCode to _texture_data. Additionally, instead of writing files, they began piping payloads through stdin, leaving no forensic artifacts on disk for investigators to retrieve. This ongoing refinement shows a threat actor actively learning from each deployment.
They switched between various command and control endpoints, fixed bugs within eighteen minutes of finding problems, and gradually added anti-forensics features like automatic payload deletion. The malicious package versions 1.3.5 through 1.4.1 should be removed right away. Additionally, all stored browser passwords should be rotated, cryptocurrency wallet extensions should be removed, and cloud provider credentials should be renewed.
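The behaviours described above (an install-time lifecycle hook, hex-encoded command and control URLs, and a payload fed to a Python child process over stdin) can be checked for before a package is trusted. The following scanner is an added example written for this article, not code from Aikido or from the malicious package; the manifest and install script it inspects are constructed samples that imitate the described pattern, and the hostname is a placeholder.

```python
import json
import re

# Constructed sample package.json (not the real ansi-universal-ui manifest).
SAMPLE_MANIFEST = json.dumps({
    "name": "example-ui-lib",
    "version": "1.0.0",
    "scripts": {"postinstall": "node lib_core/renderer/init.js"},
})

# Constructed install-script body modelled on the article's description:
# a hex-encoded C2 URL (placeholder host) and a payload piped to Python via stdin.
SAMPLE_SCRIPT = r'''
const { spawn } = require("child_process");
const _texture_data = Buffer.from("68747470733a2f2f63322e6578616d706c652e696e76616c69642f70", "hex").toString();
const proc = spawn("lib_core/renderer/python.exe", ["-"], { stdio: ["pipe", "ignore", "ignore"] });
proc.stdin.write(payload);
'''

HEX_LITERAL = re.compile(r'"([0-9a-fA-F]{16,})"')
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

def lifecycle_hooks(manifest_text):
    """Return the install-time lifecycle scripts declared in a package.json."""
    scripts = json.loads(manifest_text).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in INSTALL_HOOKS}

def decoded_hex_strings(script_text):
    """Decode long hex literals and keep those that turn into a printable URL."""
    found = []
    for m in HEX_LITERAL.finditer(script_text):
        try:
            text = bytes.fromhex(m.group(1)).decode("ascii")
        except (ValueError, UnicodeDecodeError):
            continue  # odd length or non-ASCII: not an encoded string
        if text.isprintable() and "://" in text:
            found.append(text)
    return found

def findings(manifest_text, script_text):
    """Combine the three indicators into human-readable findings."""
    out = []
    for hook, cmd in lifecycle_hooks(manifest_text).items():
        out.append(f"lifecycle hook {hook}: {cmd}")
    for url in decoded_hex_strings(script_text):
        out.append(f"hex-encoded URL: {url}")
    if re.search(r"\bspawn\s*\(.*python", script_text) and "stdin.write" in script_text:
        out.append("python child process fed over stdin (fileless execution)")
    return out

if __name__ == "__main__":
    for line in findings(SAMPLE_MANIFEST, SAMPLE_SCRIPT):
        print("FINDING:", line)
```

Any one of these indicators can occur in benign packages; it is the combination, and the churn of versions shipping them, that warrants blocking the install and reviewing the script by hand.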