North Korean BlueNoroff Compromises Mastra npm Maintainer, Poisons AI Framework with 140+ Malicious Packages
Microsoft reports that North Korean threat actor BlueNoroff compromised a Mastra npm maintainer account and published over 140 malicious packages targeting AI development environments.
Microsoft has disclosed that the North Korean state-sponsored threat group BlueNoroff compromised a maintainer account for the Mastra AI framework on npm and published more than 140 malicious packages. The supply-chain attack, detailed in a Microsoft security advisory, is designed to infiltrate AI development environments by distributing infostealers, backdoors, and credential theft tools through seemingly legitimate npm packages.
The attack specifically targets developers working with Mastra, an open-source AI framework used to build and deploy AI agents. By compromising the npm maintainer account, BlueNoroff was able to inject malicious code into packages that would be downloaded by unsuspecting developers integrating Mastra into their projects. Once installed, the malicious packages deploy a range of payloads including credential-stealing malware that targets browser-stored passwords, cryptocurrency wallets, and cloud service tokens.
Microsoft's threat intelligence team identified the campaign as originating from BlueNoroff, a subgroup of the larger Lazarus Group known for targeting financial institutions and cryptocurrency platforms. BlueNoroff has increasingly shifted focus to the software supply chain, recognizing that compromising developer tools can provide access to multiple high-value targets simultaneously. The group's tactics align with North Korea's broader efforts to generate revenue through cybercrime to fund its weapons programs.
The malicious packages were designed to evade detection by mimicking legitimate Mastra dependencies and using obfuscation techniques to hide their true functionality. Some packages included backdoors that allowed persistent remote access to compromised systems, while others focused on exfiltrating sensitive data from development environments. The campaign underscores the growing risk to AI development pipelines, which often involve complex dependency chains and automated package installations.
Microsoft has notified npm and the Mastra maintainers, who have since removed the malicious packages from the registry. Developers who have used Mastra packages in the past 30 days are advised to audit their dependencies, rotate credentials, and scan for signs of compromise. The incident highlights the critical need for package maintainers to enable multi-factor authentication and for organizations to implement software composition analysis tools to detect malicious dependencies.
This attack is part of a broader pattern of North Korean cyber operations targeting the software supply chain. In recent months, BlueNoroff has been linked to similar campaigns against cryptocurrency firms and technology companies, using phishing, social engineering, and account compromise to distribute malware. The targeting of AI frameworks represents an escalation, as these tools are increasingly central to enterprise operations and contain sensitive intellectual property.
The Mastra compromise serves as a stark reminder that even trusted open-source components can be weaponized. As AI adoption accelerates, securing the development toolchain becomes paramount. Organizations should treat all third-party packages with suspicion, verify package integrity through checksums, and monitor for anomalous behavior in development environments.