NPM Ecosystem Suffers Two AI-Enabled Credential Stealing Supply Chain Attacks
"On 26 August 2025, multiple malicious versions of the widely used Nx build system package were published to the npm registry, in an attack dubbed 's1ngularity.' In an article by researchers Merav Bar and Rami McCarthy, cybersecurity company Wiz explained how these versions contained a malware script intended to collect sensitive developer assets, including cryptocurrency wallets, GitHub and npm tokens, and SSH keys. The affected packages included @nrwl/nx, @nx/devkit, and several other related packages."
"The attackers embedded the malware in a file named telemetry.js, which systematically searched for sensitive files, including wallets, keystores, .env files, and SSH keys, on macOS and Linux systems where those packages had been downloaded. The campaign weaponised installed AI command-line tools by running them with dangerous flags such as --dangerously-skip-permissions, --yolo, and --trust-all-tools to steal filesystem contents. Bar and McCarthy observed that 'this AI-powered activity succeeded in hundreds of cases, although AI provider guardrails at times interceded.'"
"The stolen data was encoded and uploaded to attacker-controlled GitHub repositories. The researchers observed over a thousand valid GitHub tokens, many sets of valid cloud credentials and NPM tokens, and about twenty thousand other files. The attack had two phases. The first phase involved the initial credential theft and repository creation. On 27 August 2025 at 9am UTC, GitHub disabled all attacker-created repositories, but the eight-hour exposure window had already allowed the hackers to download the data."
Malicious versions of the Nx build system were published to npm on 26 August 2025 in an attack dubbed "s1ngularity". The packages, including @nrwl/nx and @nx/devkit, contained a malware script to collect developer assets such as cryptocurrency wallets, GitHub and npm tokens, and SSH keys. The malware, embedded in telemetry.js, searched macOS and Linux systems for wallets, keystores, .env files, and SSH keys. The campaign ran installed AI command-line tools with flags like --dangerously-skip-permissions, --yolo, and --trust-all-tools to steal filesystem contents. Stolen data was encoded and uploaded to attacker-controlled GitHub repositories, yielding over a thousand valid GitHub tokens and about twenty thousand files. GitHub disabled attacker-created repositories on 27 August 2025 after an eight-hour exposure window.
Read at InfoQ
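A detection sketch for the flag abuse described above, added here as an example and not taken from the Wiz or InfoQ reporting: it scans process-execution records for the three flags named in the article and raises severity when the process descends from node or a package manager. The record schema (pid, ppid, argv), the tool name example-ai-cli and the sample events are constructed assumptions.

```javascript
// Flags named in the s1ngularity reporting above; matching is by flag, not by tool name.
const RISKY_FLAGS = new Set([
  "--dangerously-skip-permissions",
  "--yolo",
  "--trust-all-tools",
]);

// Split every argv element on whitespace so `sh -c "tool --yolo"` is also caught.
function riskyFlagsIn(argv) {
  const tokens = argv.flatMap((arg) => arg.split(/\s+/));
  return [...new Set(tokens.filter((t) => RISKY_FLAGS.has(t)))];
}

// Walk the parent chain; true if any ancestor is node or a package manager.
function spawnedByPackageTooling(event, byPid) {
  const seen = new Set(); // guards against pid cycles in malformed logs
  let cur = byPid.get(event.ppid);
  while (cur && !seen.has(cur.pid)) {
    seen.add(cur.pid);
    const exe = cur.argv[0].split("/").pop();
    if (/^(node|npm|npx|yarn|pnpm)$/.test(exe)) return true;
    cur = byPid.get(cur.ppid);
  }
  return false;
}

function findSuspiciousAiCliRuns(events) {
  const byPid = new Map(events.map((e) => [e.pid, e]));
  return events
    .map((e) => ({ event: e, flags: riskyFlagsIn(e.argv) }))
    .filter((r) => r.flags.length > 0)
    .map(({ event, flags }) => ({
      pid: event.pid,
      flags,
      severity: spawnedByPackageTooling(event, byPid) ? "high" : "review",
    }));
}

// Constructed sample records (hypothetical schema and tool name).
const SAMPLE_EVENTS = [
  { pid: 100, ppid: 1, argv: ["/usr/bin/npm", "install"] },
  { pid: 101, ppid: 100, argv: ["/usr/bin/node", "telemetry.js"] },
  { pid: 102, ppid: 101, argv: ["/bin/sh", "-c", "example-ai-cli --yolo"] },
  { pid: 200, ppid: 1, argv: ["/bin/bash"] },
  { pid: 201, ppid: 200, argv: ["example-ai-cli", "--trust-all-tools"] },
  { pid: 202, ppid: 200, argv: ["/usr/bin/git", "status"] },
];

console.log(findSuspiciousAiCliRuns(SAMPLE_EVENTS));
```

A "review" result means the flag was used from an interactive shell, which may be a developer's own choice; a "high" result means it ran underneath package tooling, the pattern the article describes.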