Hasty Briefs (beta)

Malicious versions of Nx and some supporting plugins were published

14 days ago
  • #npm
  • #github
  • #security
  • Malicious versions of the nx package and supporting plugins were published to npm, containing code to scan file systems and steal credentials.
  • Affected versions include nx 21.5.0, 20.9.0, 20.10.0, 21.6.0, 20.11.0, 21.7.0, 21.8.0, and 20.12.0, among others.
  • The attack vector was a compromised npm token with publish rights to the affected packages.
  • Malicious behavior included scanning for credentials, posting them to GitHub, and modifying system files to include a shutdown command.
  • The timeline details the publishing of the malicious versions and their subsequent removal by npm.
  • Immediate actions required include checking for impact, uninstalling malicious versions, and rotating compromised credentials.
  • Preventative measures now include enforcing 2FA and using Trusted Publisher mechanisms for npm packages.
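As an added example (not part of the brief, and not code from the Nx project), the "check for impact" step can be scripted against a project's package-lock.json: the function below flags nx pinned to any version named above and lists @nx/* plugins for manual review against the advisory, since the brief gives no per-plugin version list. The sample lockfile and the function name are constructed.

```python
import json
import sys
from typing import Dict, List

# Affected nx versions named in the brief. The brief says "among others",
# so treat this set as the minimum to check, not the complete list.
AFFECTED_NX_VERSIONS = {
    "21.5.0", "20.9.0", "20.10.0", "21.6.0",
    "20.11.0", "21.7.0", "21.8.0", "20.12.0",
}


def find_affected(lockfile: dict) -> Dict[str, List[str]]:
    """Scan a package-lock.json (lockfileVersion 2 or 3) and return
    "affected": node_modules paths where nx is at a version named in the brief,
    "review":   paths of any @nx/* plugin present, for checking upstream
                (no plugin versions are assumed here; the brief lists none).
    Nested installs (foo/node_modules/nx) are covered, not just the top level."""
    affected, review = [], []
    for path, meta in lockfile.get("packages", {}).items():
        if not path:  # the "" key is the root project itself
            continue
        name = path.split("node_modules/")[-1]
        version = meta.get("version", "")
        if name == "nx" and version in AFFECTED_NX_VERSIONS:
            affected.append(f"{path}@{version}")
        elif name.startswith("@nx/"):
            review.append(f"{path}@{version}")
    return {"affected": sorted(affected), "review": sorted(review)}


# Constructed sample lockfile (not from a real project): one affected nx at the
# top level, one clean nested nx, one plugin to review, one unrelated package.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/nx": {"version": "21.5.0"},
        "node_modules/@nx/devkit": {"version": "21.5.0"},
        "node_modules/some-tool/node_modules/nx": {"version": "21.4.1"},
        "node_modules/lodash": {"version": "4.17.21"},
    },
}

if __name__ == "__main__":
    # Usage: python check_nx.py [path/to/package-lock.json]; exits 1 on a hit.
    lock = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_LOCK
    result = find_affected(lock)
    for hit in result["affected"]:
        print("AFFECTED:", hit)
    for item in result["review"]:
        print("REVIEW  :", item)
    sys.exit(1 if result["affected"] else 0)
```

A hit means the version must be uninstalled and every credential reachable from that machine or CI runner rotated, as the brief's action list states.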