
@shadanai/openclaw

A JavaScript package on npm compromised by UNC1069 in May 2026.

Last refreshed: 20 May 2026

Key Question

How far has UNC1069 extended WAVESHAPER.V2 beyond the Axios compromise into the npm ecosystem?

Common Questions

What is the @shadanai/openclaw npm package and is it safe to use?
@shadanai/openclaw is an npm package confirmed by GTIG to have been compromised by the DPRK-linked actor UNC1069 in May 2026, shipping the WAVESHAPER.V2 backdoor. It should not be installed or used.
Source: Google Threat Intelligence Group

What is WAVESHAPER.V2 and what does it do to infected systems?
WAVESHAPER.V2 is a backdoor payload attributed to the DPRK-linked actor UNC1069. It provides remote access, data exfiltration capability, and persistence on systems where it is installed, typically via compromised npm packages inserted into developer build pipelines.
Source: Google Threat Intelligence Group

How does UNC1069 use the npm registry to attack software developers?
UNC1069 registers scoped npm packages (such as @shadanai/openclaw and @qqbrowser/openclaw-qbot) and inserts WAVESHAPER.V2 backdoor code into them. Developers or build pipelines that install these packages without version pinning or integrity checks execute the malicious payload.
Source: GTIG / SANS Internet Storm Center

Which npm packages did DPRK hackers compromise after the Axios attack in 2026?
Following the April 2026 Axios WAVESHAPER.V2 compromise, GTIG confirmed that UNC1069 also compromised @shadanai/openclaw and @qqbrowser/openclaw-qbot (version 0.0.130) with the same backdoor payload.
Source: Google Threat Intelligence Group

Background

`@shadanai/openclaw` is an npm registry package compromised by UNC1069, a Democratic People's Republic of Korea (DPRK)-linked threat actor cluster, in May 2026 as part of the expanding WAVESHAPER.V2 supply-chain campaign. GTIG identified the package as one of two additional npm packages beyond the Axios compromise that ship the WAVESHAPER.V2 backdoor payload. The campaign, also attributed to the actor cluster in earlier reporting, targets developers and enterprises that install the package as a dependency, injecting backdoor code into their build pipelines or development environments. Active distribution via the public npm registry means any downstream project installing `@shadanai/openclaw` without version pinning or integrity checking could be exposed.

UNC1069 operates in the tradition of DPRK-linked supply-chain actors (also tracked as Lazarus Group sub-clusters) who use fraudulent npm package names, typosquatting, or dependency confusion to insert malicious code into developer workflows. The WAVESHAPER.V2 payload functions as a backdoor providing remote access, data exfiltration capability, and persistence on infected systems. The April 2026 Axios WAVESHAPER.V2 campaign established the pattern; `@shadanai/openclaw` and its companion `@qqbrowser/openclaw-qbot` extend the campaign's reach into additional developer tooling namespaces.

The download volume of `@shadanai/openclaw` is small relative to mainstream packages like Axios, limiting its immediate blast radius. However, the structural concern is wider: UNC1069's ability to register and publish under the `@shadanai` scoped namespace on npm demonstrates that registry namespace controls alone are insufficient to prevent supply-chain insertion. The npm registry's response to the confirmed compromise and the package's removal status as of 20 May 2026 have not been publicly confirmed.
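As an added illustration (not code from this page, GTIG or npm), the following Node.js script audits a project's `package.json` and `package-lock.json` for the two packages named above and for the pinning and integrity gaps the page describes. The sample manifest, lockfile and hash strings are constructed; flagging every version of `@shadanai/openclaw` is an assumption, since the page gives no version for it.

```javascript
// Added example: audit package.json + package-lock.json (npm v7+ "packages" layout)
// for (a) packages this page names as compromised and (b) dependencies that are
// unpinned or lack an integrity hash. Sample inputs below are constructed.

// Blocklist from the page. An empty version list flags every version (assumption
// for @shadanai/openclaw, for which the page names no version).
const COMPROMISED = {
  "@shadanai/openclaw": [],
  "@qqbrowser/openclaw-qbot": ["0.0.130"],
};

// A spec is "pinned" only if it is an exact version: no ^, ~, ranges or dist-tags.
function isPinned(spec) {
  return /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec);
}

function auditLockfile(pkgJson, lock) {
  const findings = [];
  // package.json: an unpinned spec lets a later malicious release resolve on install.
  for (const [name, spec] of Object.entries(pkgJson.dependencies || {})) {
    if (!isPinned(spec)) findings.push({ name, issue: "unpinned", detail: spec });
  }
  // package-lock.json "packages" map: keys are "node_modules/<name>" paths.
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const bad = COMPROMISED[name];
    if (bad && (bad.length === 0 || bad.includes(entry.version))) {
      findings.push({ name, issue: "compromised", detail: entry.version });
    }
    // Without an integrity hash, npm cannot verify the tarball it installs.
    if (!entry.integrity) findings.push({ name, issue: "no-integrity", detail: entry.version });
  }
  return findings;
}

// Constructed sample project: one compromised package (also unpinned and without an
// integrity hash) and one clean, pinned dependency. Hash value is a placeholder.
const SAMPLE_PKG = { dependencies: { "@shadanai/openclaw": "^0.1.0", lodash: "4.17.21" } };
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: SAMPLE_PKG.dependencies },
    "node_modules/@shadanai/openclaw": { version: "0.1.2" },
    "node_modules/lodash": { version: "4.17.21", integrity: "sha512-PLACEHOLDER" },
  },
};

function runSample() { return auditLockfile(SAMPLE_PKG, SAMPLE_LOCK); }
console.log(runSample()); // three findings, all for @shadanai/openclaw
```

In a real project, read the two files with `fs.readFileSync` and `JSON.parse` in place of the constructed objects, and fail the CI job when `findings` is non-empty.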
