"An attacker has published 84 malicious versions of official TanStack npm packages, with the impact including credential theft, self-propagation, and complete disk wipe of an infected host. The attack is part of a wave of attacks across npm and PyPI, continuing the Mini Shai-Hulud campaign. Supply chain security company Socket reports that other compromised packages include the OpenSearch client, Mistral AI, UiPath, and Guardrails AI."
"Malicious npm packages for TanStack, an open source application stack, were published between 19:20 and 19:26 UTC on May 11. The attack was detected and reported within 30 minutes by StepSecurity, triggering incident response and npm deprecation. GitHub published a security advisory at 21:30 UTC, including a list of affected packages."
"TanStack founder Tanner Linsley published a postmortem describing how the attacker used a malicious commit on a fork to create a pull request on the TanStack repository, causing scripts to auto-run and build the malware. This poisoned the GitHub Actions cache in what Linsley said is a variant of a known GitHub Action vulnerability discovered in 2024. The malware then extracted the npm OpenID Connect (OIDC) token, used for trusted npm publishing, from runner memory using the same code used to compromise tj-actions in an attack last year."
"StepSecurity has a detailed analysis of the attack, noting that the payload "reads files from over 100 hardcoded paths" including those that may contain cloud credentials, SSH (secure shell) keys, developer tool configuration files, crypto wallets, VPN configurations, messaging credentials, and shell history. Shell history may contain tokens and passwords pasted into the terminal. Security researcher Nicholas Carlini warned the payload "installs a dead-man's switch... as a system user service.""
Eighty-four malicious versions of official TanStack npm packages were published within minutes and caused credential theft, self-propagation, and complete disk wipe on infected hosts. The activity followed a broader wave targeting npm and PyPI and continued the Mini Shai-Hulud campaign. The malicious packages were detected quickly, leading to incident response, npm deprecation, and a GitHub security advisory listing affected packages. The attacker used a malicious commit on a fork to create a pull request that triggered auto-running scripts and built the malware, poisoning the GitHub Actions cache. The malware extracted the npm OpenID Connect token from runner memory and read files from many hardcoded paths that could contain cloud credentials, SSH keys, wallet data, VPN settings, messaging credentials, and shell history. It also installed a dead-man’s switch as a system user service.
Read at theregister
Unable to calculate read time
Collection
[
|
...
]