
"The affected npm packages have been modified to include an obfuscated JavaScript file ("router_init.js") that's designed to profile the execution environment and launch a comprehensive credential stealer capable of targeting cloud providers, cryptocurrency wallets, AI tools, messaging apps, and CI systems, including GitHub Actions, Aikido Security, Endor Labs, SafeDep, Socket, and StepSecurity said. The data is exfiltrated to the "filev2.getsession[.]org" domain."
"Using Session Protocol infrastructure is a deliberate attempt on the part of the attackers to evade detection, as the domain is unlikely to be blocked within enterprise environments, given that it belongs to a decentralized, privacy-focused messaging service. As a fallback option, the encrypted data is committed to attacker-controlled repositories under the author name "claude@users.noreply.github.com" via the GitHub GraphQL API using the stolen GitHub tokens."
"The malware is also capable of establishing persistence hooks in Claude Code and Microsoft Visual Studio Code (VS Code) to survive reboots and re-execute the stealer on every launch of the IDEs. Furthermore, it installs a gh-token-monitor service to monitor and re-exfiltrate GitHub tokens, and injects two malicious GitHub Actions workflows to serialize repository secrets into a JSON object and upload the data to an external server ("api.masscan[.]cloud")."
"TanStack has since traced the compromise to a chained GitHub Actions attack involving the "pull_request_target" trigger, GitHub Actions cache poisoning, and runtime memory extraction of an OIDC token from the GitHub Actions runner process. "No npm tokens were stolen, and the npm publish workflow itself was"
TeamPCP has been linked to a supply-chain attack campaign targeting npm and PyPI packages associated with TanStack, UiPath, Mistral AI, OpenSearch, and Guardrails AI. Modified npm packages include an obfuscated JavaScript file that profiles the execution environment and launches a credential stealer. The stealer targets cloud providers, cryptocurrency wallets, AI tools, messaging apps, and CI systems, including GitHub Actions and multiple security-related services. Stolen data is exfiltrated to the filev2.getsession[.]org domain, with a fallback that commits encrypted data to attacker-controlled GitHub repositories using stolen GitHub tokens via the GitHub GraphQL API. The malware adds persistence for Claude Code and VS Code, monitors GitHub tokens, and injects malicious GitHub Actions workflows to serialize repository secrets and upload them to api.masscan[.]cloud. TanStack traced one compromise to a chained GitHub Actions attack using pull_request_target, cache poisoning, and runtime memory extraction of an OIDC token from the runner process.
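An added triage example, not code from the article or from any of the vendors it cites: a Python sweep of a project checkout for the indicators named above (the `router_init.js` file, the `gh-token-monitor` name, the two exfiltration domains) and for workflows that use `pull_request_target`. The file-extension list, size cap and finding labels are assumptions of this example.

```python
import os
import re
import sys

# Indicators named in the article, kept defanged in source and refanged at runtime.
DOMAINS = [d.replace("[.]", ".") for d in ("filev2.getsession[.]org", "api.masscan[.]cloud")]
FILE_NAMES = {"router_init.js"}          # obfuscated payload added to the packages
NAME_FRAGMENTS = ("gh-token-monitor",)   # token re-exfiltration service
TEXT_EXT = (".js", ".cjs", ".mjs", ".json", ".yml", ".yaml", ".sh", ".service", ".plist")
MAX_BYTES = 5 * 1024 * 1024              # assumption: skip very large files
# Trigger name on a line that is not a YAML comment.
TRIGGER = re.compile(r"^[^#\n]*\bpull_request_target\b", re.M)

def is_workflow(path):
    parts = path.replace(os.sep, "/").split("/")
    return ".github" in parts and "workflows" in parts and path.endswith((".yml", ".yaml"))

def scan_file(path):
    """Return a list of (kind, detail) findings for one file."""
    name = os.path.basename(path)
    findings = [("payload-file", name)] if name in FILE_NAMES else []
    if any(fragment in name for fragment in NAME_FRAGMENTS):
        findings.append(("persistence-name", name))
    try:
        if not path.endswith(TEXT_EXT) or os.path.getsize(path) > MAX_BYTES:
            return findings
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    except OSError:                      # broken symlink, permissions
        return findings
    findings += [("exfil-domain", d) for d in DOMAINS if d in text]
    if is_workflow(path) and TRIGGER.search(text):
        # Not an indicator of compromise by itself: a configuration to review.
        uses_cache = " + actions/cache" if "actions/cache" in text else ""
        findings.append(("risky-trigger", "pull_request_target" + uses_cache))
    return findings

def scan_tree(root):
    """Walk root (node_modules and .github included) and map relative path -> findings."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            found = scan_file(path)
            if found:
                results[os.path.relpath(path, root)] = found
    return results

if __name__ == "__main__":
    for rel, found in sorted(scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items()):
        for kind, detail in found:
            print(f"{kind:18} {detail:38} {rel}")
```

A `risky-trigger` hit only marks a workflow for manual review; the other three kinds match strings taken directly from the report.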
#supply-chain-attacks #npmpypi-compromise #credential-theft #github-actions-exploitation #persistence-in-developer-tools
Read at The Hacker News