securityonline.info 1/27/2026, 12:50:48 AM · via preferred

“G_Wagon” Malware Hides in Fake NPM UI Library to Steal Cloud Keys

Discovered on 23 January 2026, the malicious package ansi-universal-ui is only superficially a UI library; security researchers have dubbed the multi-stage attack platform “G_Wagon” for its infostealer capabilities. According to Aikido, the package exfiltrates browser credentials, cryptocurrency wallets, cloud credentials, and Discord tokens to an Appwrite storage bucket after downloading its own Python runtime to bypass local environment restrictions.

The researchers note a rapid development timeline, with 10 versions published over two days—Day 1 featuring an initial scaffold using npm’s tar module and subsequent fixes, and Day 2 adding the C2 URL and a full Python payload with browser injection by version 1.3.8.

The malware embeds a large base64-encoded blob that turns out to be an XOR-encrypted Windows DLL, which it injects into browser processes via high-level Native APIs such as NtAllocateVirtualMemory and NtCreateThreadEx, and it even includes a PE parser to locate an Initialize entry point.

To mitigate exposure, developers are advised to delete node_modules, remove the package, check for a .gwagon_status file in the home directory, and rotate credentials, focusing on browser-saved passwords and cloud keys across AWS, Azure, and GCP, as well as SSH keys.
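As an added triage helper (not part of the article or of Aikido's research), the script below checks a project for the two indicators the article names: an installed or declared ansi-universal-ui dependency, and the .gwagon_status marker file in the home directory. The function signature, the lockfile names it greps, and the directory arguments are assumptions for this example; credential rotation still has to be done by hand.

```shell
#!/bin/sh
# Added defender check, not from the article: look for the indicators it lists.
# Assumed layout: PROJECT_DIR holds package.json / node_modules, HOME_DIR is the
# user's home directory where the article says the .gwagon_status file is dropped.

PKG="ansi-universal-ui"
MARKER=".gwagon_status"

# gwagon_check PROJECT_DIR HOME_DIR
# Prints each indicator found; returns 0 if clean, 1 if anything was found.
gwagon_check() {
    project="$1"
    home="$2"
    found=0

    # 1. An installed copy of the package under node_modules
    if [ -d "$project/node_modules/$PKG" ]; then
        echo "FOUND: $project/node_modules/$PKG (installed package)"
        found=1
    fi

    # 2. The package declared in package.json or pinned in a lockfile
    #    (lockfile names are the common ones; adjust for your package manager)
    for f in package.json package-lock.json yarn.lock pnpm-lock.yaml; do
        if [ -f "$project/$f" ] && grep -q "$PKG" "$project/$f"; then
            echo "FOUND: $PKG referenced in $project/$f"
            found=1
        fi
    done

    # 3. The marker file the article says to look for in the home directory
    if [ -e "$home/$MARKER" ]; then
        echo "FOUND: $home/$MARKER (marker file)"
        found=1
    fi

    return $found
}

# When run directly: check the current project (or $1) and the home dir (or $2).
if gwagon_check "${1:-.}" "${2:-${HOME:-/}}"; then
    echo "no G_Wagon indicators found"
fi
```

A non-zero exit status means at least one indicator was found and the remediation steps above (remove node_modules and the package, rotate browser-saved passwords, AWS/Azure/GCP keys, and SSH keys) apply; a clean result from this script does not prove the host is clean, since it only covers the two file-system indicators the article names.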

Article by CyberSIXT