VYPR
Breach · Published May 19, 2026 · Updated May 29, 2026 · 5 sources

Compromised Nx Console VS Code Extension Targets Developers with Multi-Stage Credential Stealer

A malicious version of the popular Nx Console VS Code extension (18.95.0) was published to the marketplace, deploying a sophisticated credential stealer that harvests secrets from 1Password, npm, GitHub, and AWS.

Cybersecurity researchers have uncovered a supply-chain attack targeting the Nx Console extension for Visual Studio Code, a widely used tool with over 2.2 million installations. The compromised version, nrwl.angular-console 18.95.0, was published to the Microsoft VS Code Marketplace and contains a multi-stage credential stealer designed to harvest developer secrets. The attack was disclosed by StepSecurity researcher Ashish Kurmi, who detailed how the malicious extension silently executes an obfuscated payload fetched from a dangling orphan commit hidden inside the official nrwl/nx GitHub repository.

The malicious payload activates within seconds of a developer opening any workspace in VS Code. It first installs the Bun JavaScript runtime to execute an obfuscated index.js file, which then performs environment checks to avoid infecting machines in Russian or CIS time zones. The malware launches as a detached background process and begins harvesting credentials from 1Password vaults, Anthropic Claude Code configurations, and secrets associated with npm, GitHub, and Amazon Web Services (AWS). Exfiltration occurs via HTTPS, the GitHub API, and DNS tunneling, making detection challenging.

A particularly alarming capability is the payload's full Sigstore integration, including Fulcio certificate issuance and SLSA provenance generation. Combined with stolen npm OIDC tokens, this allows attackers to publish downstream npm packages with valid, cryptographically signed provenance attestations, making malicious packages appear as legitimate, verified builds. This technique could enable long-term supply-chain poisoning that is difficult to detect.

The Nx team traced the root cause to a developer whose machine was compromised in a recent security incident, leaking their GitHub credentials. The attacker used these credentials to push an orphaned, unsigned commit to the nrwl/nx repository. The team has since revoked the compromised credentials and published version 18.100.0 as a fix. Users are urged to update immediately and check for indicators of compromise, including the file ~/.local/share/kitty/cat.py and any process with __DAEMONIZED=1 in its environment.

Affected users should terminate malicious processes, delete artifacts on disk, and rotate all credentials reachable from the affected machine, including tokens, secrets, and SSH keys. The Nx team acknowledged that a few users were compromised as a result of this breach. This incident marks the second time the Nx ecosystem has been targeted within a year, following the s1ngularity campaign in August 2025 that infected npm packages with a credential stealer.
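The two host indicators above, and the first of the remediation steps, can be turned into a repeatable triage check. The script below is an added example, not code from the Nx team, StepSecurity or the advisory: it looks for the dropped file and for any process whose environment carries __DAEMONIZED=1, and reports CLEAN or COMPROMISED. It assumes a Linux-style /proc filesystem; the function names, the IOC_FILE and PROC_ROOT parameters, and the directory tree used in testing are the example's own.

```sh
#!/bin/sh
# Added triage script (not from the Nx team or the advisory). It checks a host
# for the two indicators the page names: the dropped file
# ~/.local/share/kitty/cat.py and any running process whose environment
# contains __DAEMONIZED=1. IOC_FILE and PROC_ROOT are parameters so the checks
# can be exercised against a constructed directory tree; by default they point
# at the real locations.

IOC_FILE="${IOC_FILE:-$HOME/.local/share/kitty/cat.py}"
PROC_ROOT="${PROC_ROOT:-/proc}"

# check_ioc_file [path]: succeed (and report) if the dropped file is present.
check_ioc_file() {
  f="${1:-$IOC_FILE}"
  if [ -e "$f" ]; then
    printf 'IOC file present: %s\n' "$f"
    return 0
  fi
  return 1
}

# find_daemonized_pids [proc_root]: print the PID of every process whose
# environ contains exactly __DAEMONIZED=1. /proc/<pid>/environ is
# NUL-separated, so entries are converted to lines before matching.
# Succeeds only if at least one PID was found. Environs of other users'
# processes are unreadable without root, so run as root for a complete answer.
find_daemonized_pids() {
  root="${1:-$PROC_ROOT}"
  found=1
  for envf in "$root"/[0-9]*/environ; do
    [ -r "$envf" ] || continue
    if tr '\000' '\n' < "$envf" 2>/dev/null | grep -qx '__DAEMONIZED=1'; then
      pid="${envf%/environ}"
      printf '%s\n' "${pid##*/}"
      found=0
    fi
  done
  return "$found"
}

# host_status [ioc_file] [proc_root]: print COMPROMISED if either indicator is
# present, otherwise CLEAN. CLEAN only means these two indicators are absent;
# the other artifacts the advisory describes (the installed Bun runtime, the
# detached payload) still need review before credentials are considered safe.
host_status() {
  status=CLEAN
  check_ioc_file "${1:-$IOC_FILE}" >/dev/null && status=COMPROMISED
  find_daemonized_pids "${2:-$PROC_ROOT}" >/dev/null && status=COMPROMISED
  printf '%s\n' "$status"
}

# When run directly as nx-ioc-check.sh: report both indicators, then exit
# non-zero on a hit so the script can gate a fleet-wide sweep.
if [ "${0##*/}" = "nx-ioc-check.sh" ]; then
  check_ioc_file || true
  find_daemonized_pids | sed 's/^/process with __DAEMONIZED=1: pid /' || true
  [ "$(host_status)" = CLEAN ]
fi
```

A hit from either function means the host falls under the remediation steps above: stop the reported processes, remove the artifacts, and rotate every credential the machine could reach, since the indicators only prove presence, not what was already exfiltrated.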

The discovery coincides with a broader wave of malicious npm packages targeting developers. Researchers identified multiple campaigns, including packages containing hidden ELF binaries that backdoor Claude Code sessions, trojanized forks deploying Windows RATs, and packages designed to steal Telegram accounts and browser session cookies. These attacks highlight the escalating threat to software supply chains, where developer tools trusted by millions of developers are increasingly becoming vectors for credential theft and malware distribution.

GitHub has now officially confirmed that the breach of its internal repositories—resulting in the exfiltration of approximately 3,800 repositories—originated from a compromised employee device running the malicious Nx Console extension. GitHub CISO Alexis Wales stated that no customer-owned repositories or cloud services were impacted, though some internal repositories contained excerpts of customer support interactions. The Nx team additionally revealed that the extension was poisoned after one of its own developers' systems was hacked, linking the incident to the broader TanStack supply chain attack that also affected OpenAI, Mistral AI, and Grafana Labs.

The attack has now been linked to the broader Mini Shai-Hulud campaign, with the Nx developer account compromised via a prior TanStack npm package supply-chain breach. GitHub confirmed that the malicious extension led to the theft of approximately 3,800 internal repositories, and the TeamPCP hacking group has claimed responsibility, reportedly partnering with Lapsus$ to sell the stolen data for $95,000. Nx CEO Jeff Cross acknowledged that the malicious version was published without manual approval from other administrators and announced pipeline hardening requiring two-administrator approval for future releases.

CISA has since added CVE-2026-48027 to its Known Exploited Vulnerabilities (KEV) catalog, formally warning federal agencies and private organizations that the malicious Nx Console extension (version 18.95.0) was used to compromise a GitHub employee's device and exfiltrate internal repositories, and that any machine that ran the compromised extension should be treated as fully compromised. The agency also linked the incident to a parallel campaign, dubbed 'Megalodon,' which injected 5,718 malicious commits into 5,561 public GitHub repositories within six hours, planting GitHub Actions workflows that steal CI/CD secrets and cloud credentials. CISA recommends that organizations delay package pulls by three hours, audit all workflow files for suspicious commits made after May 18, 2026, and rotate all credentials accessible to affected pipelines.
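The workflow audit CISA recommends can be scripted against any clone. The following is an added example, not code from CISA or the Nx team: it lists every commit since a cut-off date that touched the repository's GitHub Actions workflow files, with committer date, signature status, author and subject, and a second function returns the count so the check can gate a pipeline. The default cut-off is the May 18, 2026 date given above; the function names and the test repository are the example's own assumptions, and the .github/workflows path is GitHub's fixed workflow location.

```sh
#!/bin/sh
# Added example (not from CISA or the Nx team) of the recommended audit: list
# every commit since a cut-off date that changed GitHub Actions workflow files.
# %G? prints the signature status (N unsigned, G good signature, and so on);
# an unsigned workflow commit in a repository whose maintainers normally sign
# is the pattern the page describes for the nrwl/nx orphan commit and is worth
# a closer look.

# audit_workflow_commits [repo] [since]: one line per matching commit.
audit_workflow_commits() {
  repo="${1:-.}"
  since="${2:-2026-05-18}"
  git -C "$repo" log --since="$since" \
    --format='%h %cI %G? %an <%ae> %s' -- .github/workflows
}

# count_workflow_commits [repo] [since]: number of matching commits, so a
# non-zero result can fail a scheduled job and page a reviewer.
count_workflow_commits() {
  repo="${1:-.}"
  since="${2:-2026-05-18}"
  git -C "$repo" rev-list --count --since="$since" HEAD -- .github/workflows
}
```

The listing covers commits reachable from the current branch only; an attacker who pushes a new branch or an orphan commit, as happened in nrwl/nx, will not appear here, so pair this with a review of all refs (`git for-each-ref`) and of the fetch log on the platform side.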

Synthesized by Vypr AI