VMTECH · INSTAGRAM

Mastra: 144 npm packages compromised via vendor account takeover

Colleagues — a cybersecurity alert: the easy-day-js campaign compromised up to 144 @mastra/* packages.

What happened:
- npm account "ehindero" was taken over; attacker mass-published malicious packages.
- The malicious dependency "easy-day-js" runs in postinstall, disables TLS and downloads an info‑stealer from C2.
- It harvests browser history, data from 160+ crypto extensions, and achieves cross‑platform persistence.

Recommendations: revert to known-safe versions, rotate tokens, audit workstations and CI, and require provenance/signatures for package publishes.

Why it matters: the malware executes on install — build environments and developer machines are at risk.
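The "audit workstations and CI" step from the recommendations above, applied to an npm lock file, as an added example that is not part of the original post: it flags the named malicious dependency, lists every package under the affected scope for comparison against the versions your team has verified as safe, and surfaces packages that will run lifecycle scripts on install. The package name, the scope and the `hasInstallScript` lock-file field are real; the sample lock file and its version strings are constructed.

```python
"""Audit an npm package-lock.json (lockfileVersion 2/3) for the indicators
in the alert above.  Added example, not from the original post; the
lock-file content below is constructed for illustration."""
import json

# Names taken from the alert; everything else in this file is an assumption.
KNOWN_BAD = {"easy-day-js"}
AFFECTED_SCOPES = ("@mastra/",)


def audit_lockfile(lock: dict) -> dict:
    """Return three lists of 'name@version' strings:
    bad     - dependencies whose name is on the known-bad list
    scoped  - packages under the affected scope, to be compared against
              the versions you have verified as safe
    scripts - packages npm will run lifecycle scripts for on install
    """
    findings = {"bad": [], "scoped": [], "scripts": []}
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        # Paths look like node_modules/@scope/name or
        # node_modules/a/node_modules/b; the last segment is the package.
        name = path.split("node_modules/")[-1]
        entry = f"{name}@{meta.get('version', '?')}"
        if name in KNOWN_BAD:
            findings["bad"].append(entry)
        if name.startswith(AFFECTED_SCOPES):
            findings["scoped"].append(entry)
        if meta.get("hasInstallScript"):
            findings["scripts"].append(entry)
    return findings


# Constructed sample lock file: one affected scoped package pulling in the
# malicious helper, plus a native module that legitimately has an install
# script (so reviewers see that "scripts" needs human triage).
SAMPLE_LOCK = json.loads("""{
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "version": "1.0.0"},
    "node_modules/@mastra/core": {"version": "0.0.0-example",
      "dependencies": {"easy-day-js": "*"}},
    "node_modules/easy-day-js": {"version": "0.0.0-example",
      "hasInstallScript": true},
    "node_modules/bcrypt": {"version": "0.0.0-example",
      "hasInstallScript": true}
  }
}""")

if __name__ == "__main__":
    for kind, items in audit_lockfile(SAMPLE_LOCK).items():
        print(f"{kind}: {items}")
```

Running installs with `npm ci --ignore-scripts` in CI until a lock file passes this kind of review stops the postinstall stage described above from executing at all.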

What additional measures do you deem critical to protect the software supply chain?

#cybersecurity #supplychain #npm #opensource
