A widespread supply chain attack on the popular Nx build system has compromised dozens of high-traffic packages, exposing sensitive credentials and demonstrating a frighteningly comprehensive approach to future threats.
Security researchers have confirmed that malicious versions of Nx—numbered 20.9.0 through 21.8.0—systematically scanned infected machines for a broad range of secrets before exfiltrating them to public GitHub repositories in an elaborately encoded format.
Upon installation, the tainted Nx packages launched routines to harvest GitHub tokens, npm authentication keys, SSH private keys, environment-variable API keys, and cryptocurrency wallet files.
The malware probed common file paths and environment variables, pursuing a full spectrum of credentials to facilitate lateral movement across developer systems.
Once gathered, stolen secrets were double-base64 encoded and pushed to uniquely named “s1ngularity-repository” GitHub repos, each containing a single results.b64 file. This method ensured data integrity while slipping past basic detection mechanisms.
GitHub application exists and facilitates interactions between NX Cloud and GitHub.
First of all, it must be noted that exfiltration on GitHub is effective. At the height of the wave, nearly 1,400 repositories were publicly accessible via GitHub.
In a nod to internet folklore, analysts discovered that one attacker encoded the YouTube link to Rick Astley’s “Never Gonna Give You Up,” proving supply chain hackers aren’t immune to classic pranks.
Destructive Payloads and LLM Vectors
Beyond credential theft, the malware included destructive routines that modified users’ shell startup files (~/.bashrc and ~/.zshrc) with shutdown commands.
This meant that opening a new terminal session could crash the host machine, effectively sowing chaos in development environments.
Remarkably, the attackers attempted to leverage Large Language Model (LLM) clients as a novel attack surface.
Malicious code targeted configuration files and authentication tokens for AI CLI tools such as Claude, Gemini, and Q—aware that these tools often operate with elevated permissions and direct access to sensitive development workflows.
By enumerating and harvesting LLM credentials, attackers aimed to expand their reach deep into modern AI-powered pipelines.
LLM Tool Prevalence: Of the compromised systems, 33% had at least one LLM client installed, validating the attackers’ strategy of exploiting AI tools.
LLM Compliance Resistance: Among 366 systems targeted for LLM enumeration, only 95 complied by writing a /tmp/inventory.txt file. Many AI tools explicitly refused credential-harvesting commands, offering an unintended layer of defense in the development stack.
Operating System Bias: Analysis shows that 85% of infected machines were running macOS, underscoring the attack’s strong impact on Apple’s developer ecosystem.
GitGuardian’s Public Monitoring
GitGuardian’s monitoring infrastructure—visible to attackers and defenders alike—tracked 1,346 repositories bearing the “s1ngularity-repository” prefix.
In contrast, GitHub’s public API listed only ten active repos, indicating rapid takedowns. Between August 27 at 00:32:48 and 15:36:57 CET, GitGuardian detected 1,079 repositories containing at least one leaked secret, totaling 2,349 distinct credentials.
The most frequent leaks involved GitHub OAuth App keys, npm tokens, AWS credentials, and OpenAI API keys—many still valid at the time of analysis.
Half of these secrets remained active, highlighting slow rotation practices among developers.
On August 28, GitGuardian published the S1ngularity Scanner, a free, open-source tool that inspects local environments for files compromised in this attack.
The scanner hunts environment variables and known exploit files, empowering dev teams to detect and remediate breaches swiftly.
To help developers assess exposure risk, GitGuardian added hashed versions of all exfiltrated credentials to its HasMySecretLeaked database .
Users can locally hash their secrets and query the service without revealing actual values. For bulk checks, GitGuardian recommends:
bashpip install ggshield
ggshield hmsl check --type env <(env)
# For exfiltrated results:
cat results.b64 | base64 -d | base64 -d > results.txt
ggshield secret scan path --show-secrets --json results.txt | jq -rc '.entities_with_incidents[].incidents[].occurrences[].match' > secrets.txt
ggshield hmsl check secrets.txt
Automated rotation and real-time detection have become nonnegotiable to defend against supply chain threats that weaponize leaked secrets within hours.
As supply chain attacks grow more sophisticated, scaling secret management and LLM-aware defenses will be vital for resilient software delivery.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates.
Source link
