
Popular Nx Packages Compromised by Credential-Stealing Malware


By Mayura Kathir

A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats.

Security researchers have confirmed that malicious versions of Nx—numbered 20.9.0 through 21.8.0—systematically scanned infected machines for a broad range of secrets before exfiltrating them to public GitHub repositories in an elaborately encoded format.

Upon installation, the tainted Nx packages launched routines to harvest GitHub tokens, npm authentication keys, SSH private keys, environment-variable API keys, and cryptocurrency wallet files.

The malware probed common file paths and environment variables, pursuing a full spectrum of credentials to facilitate lateral movement across developer systems.

Once gathered, stolen secrets were double-base64 encoded and pushed to uniquely named “s1ngularity-repository” GitHub repos, each containing a single results.b64 file. This method ensured data integrity while slipping past basic detection ...
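A triage sketch for the two details above, added here as an example and not taken from the article or from any vendor tooling: it flags Nx entries in a package-lock.json that fall inside the reported version range and undoes the double base64 layer of a recovered results.b64 so its owner can list what to rotate. Treating the range as inclusive, matching both `nx` and `@nx/*` names, and all sample data are assumptions.

```javascript
// Version bounds as stated in the article (treated here as inclusive).
const LOW = [20, 9, 0];
const HIGH = [21, 8, 0];

// Compare two [major, minor, patch] triples; returns <0, 0 or >0.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

function inReportedRange(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(version || '');
  if (!m) return false; // git or tarball specs need manual review
  const v = m.slice(1, 4).map(Number);
  return cmp(v, LOW) >= 0 && cmp(v, HIGH) <= 0;
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json,
// including nested node_modules copies pulled in by other tools.
// Assumption: both "nx" and scoped "@nx/*" names are worth flagging.
function findSuspectNx(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = path.split('node_modules/').pop();
    const isNx = name === 'nx' || name.startsWith('@nx/');
    if (isNx && inReportedRange(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Undo both base64 layers of a recovered results.b64 file. The result is
// returned as text for review and is never parsed or executed here.
function decodeResults(b64) {
  const inner = Buffer.from(b64.trim(), 'base64').toString('utf8');
  return Buffer.from(inner.trim(), 'base64').toString('utf8');
}

// Constructed sample data (not a real lockfile and not real stolen data).
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo' },
  'node_modules/nx': { version: '21.5.0' },
  'node_modules/@nx/devkit': { version: '19.8.4' },
  'node_modules/tool/node_modules/nx': { version: '20.9.0' },
} };
const sampleBlob = Buffer.from(Buffer.from('{"placeholder":"constructed"}')
  .toString('base64')).toString('base64');

console.log(findSuspectNx(sampleLock));
console.log(decodeResults(sampleBlob));
```

A hit means the machine that ran the install should be treated as exposed and every credential class listed above rotated; a clean lockfile does not cover global installs or caches.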


Copyright of this story solely belongs to gbhackers.