On August 26, 2023, a threat actor compromised the npm package repository by releasing malicious updates for the popular Nx build platform, affecting developers. The compromised version 21.5.0, and several subsequent releases, contained malware designed to steal sensitive data, including cryptocurrencies and developer credentials such as GitHub tokens and SSH keys. This malware exploited AI command-line tools to scan victim systems and uploaded stolen data to new repositories named “s1ngularity-repository-“ under victim accounts, thereby leveraging victims’ infrastructure for data exfiltration.
StepSecurity identified a secondary wave of attacks targeting these exposed credentials, where attackers renamed and published private repositories, thereby escalating the breach. Developers using Nx were particularly vulnerable. Immediate remediation steps include making affected repositories private, revoking access tokens, and deleting any compromised forks. This incident highlights a concerning innovation in supply chain attacks where malware utilizes AI tools for reconnaissance and data gathering.
Source link
