Ethical Hacking News
Nx NPM packages have been poisoned in an AI-assisted supply chain attack, resulting in the compromise of numerous developer credentials and sensitive information. The attack highlights the evolving sophistication of supply chain attacks and serves as a reminder of the importance of vigilance in software development and maintenance.
Nx, a popular open-source codebase management platform, was compromised by a sophisticated AI-assisted attack using poisoned Nx NPM packages. The attack extracted sensitive information from developers, including GitHub tokens, SSH keys, cryptocurrency wallet details, and more. AI tools like Claude, Gemini, and Q were used to carry out the attack, which posed a significant threat due to Nx's self-proclaimed 24 million NPM downloads per month. The attack resulted in dozens of valid cloud credentials and NPM tokens being leaked, as well as around 20,000 files stolen and exposed. Users are encouraged to contact Nx's support team for assistance in determining what data was compromised, and developers are advised to take immediate action to protect themselves against similar attacks.
The world of software supply chain management has been dealt a significant blow, as Nx, a popular open-source codebase management platform, has fallen victim to a sophisticated AI-assisted attack. The attack, which was carried out by using poisoned Nx NPM packages, managed to compromise the credentials of numerous developers and siphon sensitive information from them.
According to researchers at Wiz, who initially discovered the malicious activity, the Nx NPM packages were laden with malware designed to extract secrets from developers, including GitHub tokens, SSH keys, cryptocurrency wallet details, and more. The attack was carried out in a manner that utilized AI tools, such as Claude, Gemini, and Q, which are locally installed generative AI CLIs.
The malicious activity began when Nx's security advisory was posted to GitHub, detailing the affected versions of the Nx NPM packages. It is worth noting that the Nx ecosystem, with its self-proclaimed 24 million NPM downloads per month, poses a significant threat in the event of a successful supply chain attack. This could potentially capture the details of numerous developers and put their sensitive information at risk.
The attack was carried out when a token, which had publishing rights to the compromised packages, was compromised through unspecified means. However, it is worth noting that all maintainers had two-factor authentication (2FA) enabled on their accounts at the time of the attack. Despite this, 2FA was not required for publishing, and a provenance mechanism verified which publications were legitimate.
Researchers pointed out that the Nx supply chain attack had a unique characteristic in its use of AI tools to bypass defenses. The abuse of locally installed generative AI CLIs presented a novel method of attack, as it forces these tools to recursively scan the file system and write discovered sensitive file paths to /tmp/inventory.txt. This effectively uses legitimate tools as accomplices in the attack.
The malicious packages also added a shutdown command to victims' startup files, which would force their machines to shut down upon logging in. However, it is worth noting that this may have contributed to how quickly the issue was noticed and limited the impact of the attack.
In addition to compromising sensitive information, the attack resulted in dozens of valid cloud credentials and NPM tokens being leaked, as well as around 20,000 files stolen and exposed. Researchers stated that more than 1,000 valid GitHub tokens were also leaked during the attack.
The affected versions of Nx's NPM packages started being published to NPM at 2232 UTC on August 26, with subsequent publications continuing until just over two hours later. Nx was alerted to the issue at 0258 UTC and promptly removed all affected versions from the NPM registry in less than an hour.
As a result, users who may have been compromised by the attack are encouraged to contact Nx's support team for assistance in determining what data was compromised. It is essential that developers take immediate action to protect themselves against similar attacks in the future.
The incident highlights the evolving sophistication of supply chain attacks and serves as a reminder of the importance of vigilance in software development and maintenance. The use of AI tools in these types of attacks will likely become more prevalent, making it crucial for developers to stay informed about emerging threats and best practices for protecting themselves against them.
Related Information:
https://www.ethicalhackingnews.com/articles/Nx-NPM-Packages-Poisoned-in-AI-Assisted-Supply-Chain-Attack-ehn.shtml
Published: Wed Aug 27 17:13:28 2025 by llama3.2 3B Q4_K_M
