
Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack

With more than 4 million weekly downloads, the Nx build platform became the first known supply chain breach where hackers weaponized AI assistants for data theft. The post Hackers Target Popular Nx Build System in First AI-Weaponized Supply Chain Attack appeared first on SecurityWeek.

Hackers stole thousands of credentials in a fresh supply chain attack targeting JavaScript developers that use the popular Nx build system package.

With over 4 million weekly downloads, Nx is an open source, technology-agnostic build platform that allows developers to manage codebases at scale.

As part of the newly uncovered supply chain attack, dubbed s1ngularity, hackers stole an Nx NPM token allowing them to publish malicious versions of the package to the registry.

At the root of the attack was a vulnerable workflow introduced on August 21, which could be used for code injection, the Nx maintainers explain.

Although the bug was reverted in the master branch almost immediately after it was found to be maliciously exploitable, a threat actor used it in a pull request to a fork to the nrwl/nx repository, targeting an outdated branch to trigger the issue and steal a GITHUB_TOKEN that has read/write repository permissions.

The GITHUB_TOKEN was then used to trigger the publish.yml workflow, which contained the NPM token used to publish multiple malicious versions of Nx and supporting plugin packages. Users of the Nx Console IDE extension were also affected, even if they did not have workspaces using Nx.

Between 6:32 PM and 8:37 PM EDT on August 26, eight malicious Nx iterations were published. They were removed at 10:44 PM and all the NPM tokens with permissions for publishing were revoked at 11:57 PM.

Hours later, “all NPM packages under Nx (affected or not) have been set to require 2FA and CANNOT be published with NPM tokens any longer. All NPM packages have also been changed to use the new Trusted Publisher mechanism which does not utilize NPM tokens,” the Nx maintainers say.

Nx versions 21.5.0, 20.9.0, 21.6.0, 20.10.0, 21.7.0, 20.11.0, 21.8.0, and 20.12.0 were packed with a post-install script that executed a malicious telemetry.js file on Linux and macOS systems, cybersecurity firm Wiz notes.

The payload was designed to systematically search the systems for sensitive files and environment variables containing SSH keys, NPM tokens, GitHub tokens, API keys, and cryptocurrency wallet data.

It also caused damage by modifying users’ shell startup files, adding shutdown commands that would crash the systems when opening new terminal sessions, GitGuardian explains.
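For triage, the two host-side traces described above (a lockfile pinning one of the listed Nx versions, and a shell startup file that invokes shutdown) can be checked with a short Node.js script. This is an added example, not code from Nx, Wiz or GitGuardian; the function names and sample inputs are constructed, and the shutdown pattern is an assumption because the article does not give the exact line.

```javascript
// Malicious nx versions, as listed in the article above.
const BAD_NX_VERSIONS = new Set([
  '21.5.0', '20.9.0', '21.6.0', '20.10.0',
  '21.7.0', '20.11.0', '21.8.0', '20.12.0',
]);

// Return [{path, version}] for every pinned copy of `nx` at a listed version.
// Handles lockfileVersion 2/3 ("packages" map keyed by node_modules path)
// and lockfileVersion 1 (nested "dependencies" tree only).
function findCompromisedNx(lock) {
  const hits = [];
  const check = (name, version, path) => {
    if (name === 'nx' && BAD_NX_VERSIONS.has(version)) hits.push({ path, version });
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root entry describes the project itself
    check(meta.name || path.split('node_modules/').pop(), meta.version, path);
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      check(name, meta.version, path);
      walk(meta.dependencies, `${path}/`); // nested copies can differ in version
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return hits;
}

// Return 1-based numbers of non-comment lines that invoke `shutdown`.
// Assumption: the article says only "shutdown commands", so match the word.
function findShutdownLines(rcText) {
  return rcText.split('\n').flatMap((line, i) =>
    /^\s*[^#]*\bshutdown\b/.test(line) ? [i + 1] : []);
}

// Constructed sample inputs (not taken from a real system).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/nx': { version: '21.5.0' },
    'node_modules/tool/node_modules/nx': { version: '21.4.1' },
  },
};
const sampleRc = 'export PATH="$HOME/bin:$PATH"\n# shutdown is never run here\nsudo shutdown -h 0\n';
console.log(findCompromisedNx(sampleLock), findShutdownLines(sampleRc));
```

A hit from either function indicates the host may have run the payload, so every credential reachable from it should be revoked and reissued.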

Additionally, the code was designed to weaponize AI tools such as Claude and Gemini to help with reconnaissance and data exfiltration.

“This marks the first known case where attackers have turned developer AI assistants into tools for supply chain exploitation,” StepSecurity points out.

The code encoded the harvested data, created public GitHub repositories named ‘s1ngularity-repository’ (or variations), and uploaded the encoded data to them.

Wiz and GitGuardian observed thousands of such repos and warn that, although they were deleted or archived by GitHub, the repositories were online long enough for the attackers to download the data they contained.

“Among the varied leaked data here, we’ve observed over a thousand valid GitHub tokens, dozens of valid cloud credentials and NPM tokens, and roughly twenty thousand files leaked. In many cases, the malware appears to have run on developer machines, often via the NX VSCode extension. We’ve also observed cases where the malware ran in build pipelines, such as GitHub Actions,” Wiz notes.

According to GitGuardian, the hackers managed to exfiltrate 2,349 distinct secrets to 1,079 repositories identified on August 27. At the peak of the attack, almost 1,400 such repositories were publicly accessible.

“Half of these secrets were valid at the time of writing. The most numerous are GitHub OAuth App Keys. This result, surprising at first glance, is in fact linked to the functioning of Nx, for which a GitHub application exists and facilitates interactions between NX Cloud and GitHub,” GitGuardian says.

The security firm also warns that the stolen secrets should be revoked immediately, as any delay in doing so might result in further compromise.

“The ability to rapidly detect exposure, validate impact, and execute coordinated revocation across thousands of non-human identities has become the new baseline for resilient software delivery in an era where supply chain attacks can weaponize leaked credentials within hours of discovery,” GitGuardian pointed out.
