VYPR
Breach · Published May 19, 2026 · 1 source

Compromised Nx Console VS Code Extension Targets Developers with Multi-Stage Credential Stealer

A malicious version of the popular Nx Console VS Code extension (18.95.0) was published to the marketplace, deploying a sophisticated credential stealer that harvests secrets from 1Password, npm, GitHub, and AWS.

Cybersecurity researchers have uncovered a supply-chain attack targeting the Nx Console extension for Visual Studio Code, a widely used tool with over 2.2 million installations. The compromised version, nrwl.angular-console 18.95.0, was published to the Microsoft VS Code Marketplace and contains a multi-stage credential stealer designed to harvest developer secrets. The attack was disclosed by StepSecurity researcher Ashish Kurmi, who detailed how the malicious extension silently fetches and executes an obfuscated payload from an orphaned commit in the official nrwl/nx GitHub repository: the commit is not reachable from any branch or tag, so it does not appear in the repository's history and can only be retrieved by its hash.

The malicious payload activates within seconds of a developer opening any workspace in VS Code. It first installs the Bun JavaScript runtime to execute an obfuscated index.js file, which then performs environment checks to avoid infecting machines in Russian or CIS time zones. The malware launches as a detached background process and begins harvesting credentials from 1Password vaults, Anthropic Claude Code configurations, and secrets associated with npm, GitHub, and Amazon Web Services (AWS). Exfiltration occurs via HTTPS, the GitHub API, and DNS tunneling, making detection challenging.

A particularly alarming capability is the payload's full Sigstore integration, including Fulcio certificate issuance and SLSA provenance generation. Fulcio issues a short-lived signing certificate to whoever presents a valid OIDC identity token, so an attacker holding a stolen npm OIDC token can sign and publish downstream npm packages with provenance attestations that are cryptographically valid and bound to the victim's legitimate CI identity. Checks such as npm's signature and provenance verification would pass, because they confirm that the identity signed the artifact, not that the identity was still under its owner's control. This technique could enable long-term supply-chain poisoning that is difficult to detect by provenance verification alone.

The Nx team traced the root cause to a developer whose machine was compromised in a recent security incident, leaking their GitHub credentials. The attacker used these credentials to push an orphaned, unsigned commit to the nrwl/nx repository. The team has since revoked the compromised credentials and published version 18.100.0 as a fix. Users are urged to update immediately and check for indicators of compromise, including the dropped file ~/.local/share/kitty/cat.py and any running process with __DAEMONIZED=1 in its environment.

Affected users should terminate the malicious processes, delete the artifacts on disk, and rotate all credentials reachable from the affected machine, including tokens, secrets, and SSH keys. Updating the extension alone is not sufficient: any secret the stealer could read has to be treated as already exfiltrated, so revocation and rotation are the priority. The Nx team acknowledged that a few users were compromised as a result of this breach. This incident marks the second time the Nx ecosystem has been targeted within a year, following the s1ngularity campaign in August 2025, which published compromised nx npm packages carrying a credential stealer.
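The following is an added triage script illustrating how to hunt for the indicators described above on a Linux developer machine; it is not Nx's or StepSecurity's tooling. It assumes the extension identifier nrwl.angular-console (the publisher is nrwl, matching the nrwl/nx repository), reads the installed-extension list that `code --list-extensions --show-versions` prints, and takes the home directory and /proc root as parameters so the same functions can be run against a constructed directory tree.

```shell
#!/bin/sh
# Added example (not Nx's own tooling): hunt for the advisory's IoCs.
# Assumptions: extension id nrwl.angular-console; Linux /proc layout for
# the environment scan. Paths and the marker come from the advisory.

# Exit 0 if the dropped artifact exists under the given home directory.
check_artifact() {
  home="${1:-$HOME}"
  [ -e "$home/.local/share/kitty/cat.py" ]
}

# Print the PID of every process whose environment block contains
# __DAEMONIZED=1. Linux only: /proc/<pid>/environ is NUL-separated, so
# the block is split with tr before matching a whole line.
find_daemonized() {
  proc_root="${1:-/proc}"
  for envf in "$proc_root"/[0-9]*/environ; do
    [ -r "$envf" ] || continue
    if tr '\0' '\n' < "$envf" 2>/dev/null | grep -qx '__DAEMONIZED=1'; then
      pid=${envf#"$proc_root"/}
      echo "${pid%/environ}"
    fi
  done
}

# Read "publisher.name@version" lines on stdin (the format printed by
# `code --list-extensions --show-versions`) and exit 0 if the
# compromised release is installed.
check_extension_version() {
  grep -qx 'nrwl.angular-console@18.95.0'
}

# Top-level run against the live machine. The scan needs root to read
# other users' environ files; unreadable ones are skipped silently.
main() {
  status=0
  if check_artifact; then
    echo "IoC: $HOME/.local/share/kitty/cat.py present"; status=1
  fi
  for pid in $(find_daemonized); do
    echo "IoC: pid $pid has __DAEMONIZED=1 in its environment"; status=1
  done
  if command -v code >/dev/null 2>&1 &&
     code --list-extensions --show-versions 2>/dev/null | check_extension_version; then
    echo "IoC: compromised Nx Console 18.95.0 installed"; status=1
  fi
  [ "$status" -eq 0 ] && echo "no indicators found"
  return "$status"
}

case "${1:-}" in run) main ;; esac
```

Invoke it as `sh hunt.sh run` (ideally as root so every process's environ file is readable). A clean result only means these three indicators are absent; it does not prove secrets were not read, so credential rotation should still follow if the compromised version was ever installed.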

The discovery coincides with a broader wave of malicious npm packages targeting developers. Researchers identified multiple campaigns, including packages containing hidden ELF binaries that backdoor Claude Code sessions, trojanized forks deploying Windows RATs, and packages designed to steal Telegram accounts and browser session cookies. These attacks highlight the escalating threat to software supply chains, where developer tools trusted by millions of developers are increasingly becoming vectors for credential theft and malware distribution.

Synthesized by Vypr AI