- When a token with publishing rights was stolen, several poisoned NX variants were released
- Malware stole secrets and other important data
- The attack lasted a few hours but could still cause harm
Countless software developers, probably including those within the Fortune 500 companies, were victims of a supply chain attack after NX, Open Source Build system and the development tool set were compromised.
In a message sent on GitHub, NX said, “malicious versions of NX and some supporting plugins were published” at NPM.
At the same time, security scientists Wiz released a separate message and said that the malicious versions had infostealing malware, seized secrets such as GitHub and NPM -Tokens, SSH keys, Crypto -Tevebogs Information and more from affected developers.
Thousands of leaked tokens
How NX was compromised remains unknown -Wiz believes that the threat actors managed to get a token with release rights, enabling them to push malicious versions to NPM, despite the fact that all maintenance had two -factor approval (2FA) that was capable of at the time of the attack. Apparently, 2FA was not necessary to publish the packages.
The attack lasted about four hours before NPM removed all the poisoned versions.
NX did not discuss how many companies might have been hit in this supply chain attack but wiz told Registered via E -Mail that more than 1,000 valid Github -Tokens was leaked. In addition, the striker stole about 20,000 files and “dozens” of valid Sky -Legitimation information and NPM -Tokens.
Affected users need to reach NX’s support team for help.
Both NPM and NX are hugely popular in the software development community, with more than 70% of the Fortune 500 companies allegedly using it, so it may not be surprising that it is under constant attack.
However, security researchers Step Security found something unique: Malware “The Weapon AI CLI tools (including Claude, Gemini and Q) to help with reconnaissance and data filling -marking the first known case where attackers have transformed developing AI assistants for tools for the utilization of the supply chain.”
“This technique forces the AI tools to recursively scan the file system and write discovered sensitive file paths to /tmp/inventory.txt, effectively using legitimate tools as accomplices in the attack.”
