Malicious Nx Packages Exploited in ‘s1ngularity’ Supply Chain Attack, Leaking 2,349 Secrets

The maintainers of the popular Nx build system have disclosed a major supply chain attack in which threat actors managed to publish malicious versions of the Nx npm package and related plugins, embedding credential-stealing functionality.

According to the advisory, these compromised packages contained code designed to scan local file systems, harvest credentials, and upload them to GitHub repositories under the victim’s own account.

Nx, an open-source build platform known for its AI-first approach and broad adoption, sees more than 3.5 million weekly downloads. The attack was traced back to August 26, 2025, and impacted multiple versions of both the core package and associated plugins before they were removed from the npm registry.

Root Cause: Workflow Vulnerability Exploited

The incident stemmed from a vulnerable GitHub Actions workflow introduced on August 21, 2025. Attackers exploited a flaw in the pull_request_target trigger, which runs workflows with elevated permissions—including a GitHub token with read/write access.

By submitting a malicious pull request (PR) to an outdated branch, the attackers were able to inject arbitrary commands, exfiltrate the npm token, and ultimately push rogue versions of the Nx packages to npm.

“These workflows granted attackers the ability to hijack the publish pipeline,” the Nx team explained. “The npm token was stolen and used to distribute malicious builds of Nx.”

Malicious Payload Behavior

Once installed, the compromised packages executed a postinstall script that:

  • Scanned systems for text files, credentials, and SSH keys.
  • Exfiltrated the stolen data to public GitHub repositories named s1ngularity-repository.
  • Modified .zshrc and .bashrc files to include commands such as sudo shutdown -h 0, which tricked users into entering their system password and then immediately shut down the machine.

Researchers also found that the payload targeted Linux and macOS systems, systematically harvesting files such as .gitconfig, cloud credentials, and API keys.

Scope of the Breach

Investigations by Wiz and GitGuardian revealed that at least 2,349 unique secrets were leaked, including:

  • GitHub OAuth tokens and Personal Access Tokens (PATs).
  • Cloud service credentials for AWS, Google AI, OpenAI, Anthropic Claude, Datadog, and others.
  • Database and API keys.

Alarmingly, over 90% of the leaked GitHub tokens remain valid, increasing the risk of secondary exploitation.

AI Tools Weaponized in the Attack

Security researchers noted that the campaign also abused AI command-line tools by invoking them with unsafe flags (--dangerously-skip-permissions, --trust-all-tools) to facilitate file system reconnaissance.

This marks the first known case of attackers abusing AI developer assistants like Claude, Google Gemini, and Amazon Q as part of a supply chain compromise—showing how trusted AI tools can be repurposed for malicious operations.

Remediation and Defensive Measures

The Nx team has responded by:

  • Rotating npm and GitHub tokens.
  • Auditing repositories for suspicious activity.
  • Enforcing two-factor authentication (2FA) for publish workflows.

Security firms recommend that all users who installed affected versions:

  • Immediately rotate npm, GitHub, and cloud credentials.
  • Inspect .zshrc and .bashrc files for unauthorized commands.
  • Stop using the compromised versions and reinstall only from trusted builds.
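
One way to carry out the .zshrc and .bashrc inspection recommended above, as an added example that is not code from the Nx team or the security firms cited. The function name scan_rc_files is hypothetical, and the command names other than shutdown (poweroff, halt, reboot) are an assumption that generalises from the single command the article quotes.

```shell
#!/bin/sh
# Added example: list lines in shell startup files that invoke a
# shutdown-style command, such as the "sudo shutdown -h 0" line described
# in the article. Comment-only lines are ignored.
#
# Usage: scan_rc_files            # inspects $HOME
#        scan_rc_files /some/dir  # inspects another home directory
# Returns 0 when nothing is flagged, 1 when at least one line is flagged.

scan_rc_files() {
    home_dir="${1:-$HOME}"
    found=0
    for rc_file in "$home_dir/.zshrc" "$home_dir/.bashrc"; do
        # A missing startup file is normal; skip it.
        [ -f "$rc_file" ] || continue
        # Pad each line with spaces so the command name is matched as a
        # whole word at the start, middle, or end of the line.
        if ! awk -v f="$rc_file" '
            /^[ \t]*#/ { next }
            (" " $0 " ") ~ /[^A-Za-z0-9_](shutdown|poweroff|halt|reboot)[^A-Za-z0-9_]/ {
                print f ":" NR ": " $0
                n++
            }
            END { exit (n > 0) }' "$rc_file"; then
            found=1
        fi
    done
    return "$found"
}
```

Each flagged line is printed as path:line-number: content so it can be reviewed and removed by hand; a legitimate alias that wraps one of these commands will also be listed.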

A Wake-Up Call for Supply Chain Security

As Ashish Kurmi of StepSecurity warned:

“The popularity of Nx and the novelty of AI tool abuse make this incident a clear sign of the increasing sophistication of supply chain attacks. Organizations must act quickly to remediate exposure.”

This attack underscores the growing interconnection between software supply chains, cloud infrastructure, and AI tools—and highlights why continuous monitoring, strict credential hygiene, and proactive observability are essential for modern security operations.

Source: https://thehackernews.com/2025/08/malicious-nx-packages-in-s1ngularity.html