An attacker poisoned 84 TanStack npm versions across 42 packages, stealing GitHub OIDC tokens and cloud keys while planting a dead-man’s switch that nukes your system. The attacker’s timing was specific. A fork, a hidden commit, a zero-diff pull request, and then nothing visible for nearly eight hours. On May 11, between 19:20 and 19:26 […]
The post The npm Package That Wipes Your Files When You Try to Stop It appeared first on Live Bitcoin News.
The attack highlights the critical need for enhanced security measures in software supply chains to protect digital asset infrastructures.
The post TanStack, Mistral AI, UiPath targeted in major supply chain attack compromising 170+ packages appeared first on Crypto Briefing.
TeamPCP open-sourced Shai-Hulud today. The OIDC token extraction technique that made the TanStack attack different from every previous campaign is now a public toolkit.
The TeamPCP threat group has pulled off another big supply chain attack, compromising 170 Node Package Manager (npm) and PyPI packages within a few hours this week.
The attack affected the entire TanStack Router ecosystem (@tanstack) of 42 packages, a routing library hugely popular among React web application developers. Multiple other packages were also affected, including @squawk (87 packages), @uipath (66 packages), @tallyui (30 packages), @beproduct (18 packages), as well as Mistral AI’s SDK suite on both npm and PyPI, and the Guardrails AI PyPI package.
The attacks, noticed by several vendors using automated security tools, happened on May 11, spreading rapidly through package ecosystems thanks to the worm capabilities of the automated Mini Shai-Hulud malware platform, analysis found.
The exact number of package versions caught up in the attack varies depending on the source; according to Aikido Security it was 373 across 169 package namespaces, while S
Attackers too are looking to cash in on the AI coding craze, adapting their supply-chain techniques to target coding agents themselves.
Many AI agents autonomously scan package registries such as npm and PyPI for components to integrate into their coding projects, and attackers are beginning to take advantage of this. Bait packages with persuasive descriptions and legitimate functionality have cropped up on such registries, while packages published under names that AI coding agents are likely to hallucinate as dependencies are another attack vector on the horizon.
Researchers from security firm ReversingLabs have been tracking one such supply-chain attack that uses “LLM Optimization (LLMO) abuse and knowledge injection” to make packages more likely to be discovered and chosen by AI agents. Dubbed PromptMink, the attack was attributed to Famous Chollima, one of North Korea’s APT groups tasked with generating funds for the regime by targeting developers and users from the cryptocurrency and
A supply chain attack on SAP-related npm packages has put fresh scrutiny on the developer tools and build workflows that enterprises rely on to produce software.
The campaign, referred to as “mini Shai-Hulud,” affected packages used in SAP’s JavaScript and cloud application development ecosystem.
The malicious versions added installation-time code that could steal developer credentials, GitHub and npm tokens, GitHub Actions secrets, and cloud credentials from AWS, Azure, GCP, and Kubernetes environments.
Researchers at SafeDep, Aikido Security, Wiz, and several other security firms said the affected packages included mbt@1.2.48, @cap-js/db-service@2.10.1, @cap-js/postgres@2.2.2, and @cap-js/sqlite@2.2.2.
The suspicious versions were published on April 29 and were later replaced by safe releases.
The malware encrypted stolen data and sent it to public GitHub repositories created from victims’ own accounts, according to the researchers. It also used stolen GitHub and npm tokens to add ma
Application developers are being warned that malicious versions of pgserve, an embedded PostgreSQL server for application development, and automagik, an AI coding tool, have been dropped into the npm JavaScript registry, where they could poison developers’ computers.
Downloading and using these versions will lead to the theft of data, tokens, SSH keys, and credentials, including those for Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP), as well as crypto coins from browser wallets and browser passwords. The malware also spreads to other connected PCs.
The warnings came this week from researchers at two security firms.
Researchers at Socket found fake packages aimed at app developers looking for pgserve, an embedded PostgreSQL server for application development and testing, and automagik, an AI coding and agent-orchestration CLI from Namastex.ai. The researchers said the attack contains similarities to a recent campaign dubbed CanisterWorm, a worm-enabled supply chain atta