VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Nx Console 18.95.0 Compromised — Developer Credentials Stolen

Nx Console 18.95.0 скомпрометирован — кража учётных данных разработчиков

Colleagues — a cybersecurity alert: the Nx Console extension (rwl.angular-console v18.95.0) in the VS Code Marketplace was compromised; the package contained a credential-stealing payload.

Summary:
- An orphaned commit was pushed via a compromised account; on workspace open the extension executed an obfuscated payload.
- Secrets stolen (1Password, Anthropic Claude Code, npm, GitHub, AWS) and exfiltrated via HTTPS/GitHub API/DNS; on macOS a Python backdoor is installed.
- Update to 18.100.0+, check indicators, terminate suspicious processes, and rotate tokens/keys.

Why this matters: the attack undermines the supply chain and enables signing of malicious packages.

Which additional mitigations do you prioritize?

#cybersecurity #supplychain #DevSecOps #development

Latest comments

No comments yet.