Massive npm Supply Chain Attack Targets Mastra AI Framework with Cross-Platform Infostealer
On June 17, 2026, a sophisticated npm supply chain attack compromised over 140 packages in the Mastra AI framework ecosystem, deploying a cross-platform infostealer designed to exfiltrate cryptocurrency wallet data, browser history, and developer credentials. The campaign was independently confirmed by Microsoft and Socket security researchers.
The attacker, operating under the npm account ehindero, published malicious versions of 141 @mastra/* packages between 01:15 and 02:36 UTC. The compromised packages appeared identical to their legitimate counterparts, with the only modification being the injection of a typosquatted dependency, easy-day-js (a malicious mimic of the popular dayjs library). The rogue package, published the prior day by a separate account (sergey2016), initially released a clean version (1.11.21) to establish credibility before introducing a weaponized postinstall hook in version 1.11.22.
The attack evaded detection by embedding the malicious payload in a transitive dependency, rendering source-code reviews ineffective. The postinstall hook executed node setup.cjs --no-warnings during every npm install, initiating a multi-stage infection chain. The first-stage downloader, obfuscated via obfuscator.io, disabled TLS certificate verification to communicate with attacker-controlled infrastructure, beaconed victim identities via tracking files (~/.pkg_history and ~/.pkg_logs), and fetched a second-stage payload from 23[.]254[.]164[.]92:8000.
The second-stage implant (protocal.cjs) established persistence across Windows, macOS, and Linux, disguising itself as legitimate Node.js tooling:
- Windows: Created a registry Run key (NvmProtocal) launching a hidden PowerShell process.
- macOS: Registered a LaunchAgent (com.nvm.protocal.plist).
- Linux: Installed a systemd user unit (nvmconf.service).
The malware targeted 166 cryptocurrency wallet browser extensions, including MetaMask, Phantom, Coinbase Wallet, and TronLink, while also harvesting browser history from Chrome, Edge, and Brave via node:sqlite. Host reconnaissance collected system details (hostname, architecture, installed applications, and running processes), with all exfiltrated data sent to 23[.]254[.]164[.]123:443 using a spoofed User-Agent (Mozilla/4.0 compatible; MSIE 8.0) over a custom ICAP-style protocol.
With @mastra/core averaging 918,000 weekly npm downloads, the campaign had a massive potential impact. Systems running npm install on affected versions are considered fully compromised. Indicators of compromise (IOCs) include the malicious easy-day-js package, beacon files (~/.pkg_history, ~/.pkg_logs), and persistence artifacts (NvmProtocal, com.nvm.protocal.plist, nvmconf.service). The attacker’s infrastructure remains active, with the implant capable of executing arbitrary follow-on tasks, expanding the scope of credential theft beyond the initial payload.
Source: https://cyberpress.org/compromise-140-mastra-npm-packages/
npm TPRM report: https://www.rankiteo.com/company/npm-inc-
Mastra AI TPRM report: https://www.rankiteo.com/company/mastra-ai
"id": "masnpm1781699577",
"linkid": "mastra-ai, npm-inc-",
"type": "Cyber Attack",
"date": "6/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': 'Potentially 918,000 weekly npm '
'downloads',
'industry': 'Artificial Intelligence/Software '
'Development',
'name': 'Mastra AI framework',
'type': 'Software Framework'}],
'attack_vector': 'Malicious npm package dependency injection',
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True,
'sensitivity_of_data': 'High (PII, financial data, '
'credentials)',
'type_of_data_compromised': ['Cryptocurrency wallet data',
'Browser history',
'Developer credentials',
'System details']},
'date_detected': '2026-06-17',
'date_publicly_disclosed': '2026-06-17',
'description': 'On June 17, 2026, a sophisticated npm supply chain attack '
'compromised over 140 packages in the Mastra AI framework '
'ecosystem, deploying a cross-platform infostealer designed to '
'exfiltrate cryptocurrency wallet data, browser history, and '
'developer credentials. The campaign was independently '
'confirmed by Microsoft and Socket security researchers.',
'impact': {'brand_reputation_impact': 'High (Mastra AI framework ecosystem)',
'data_compromised': 'Cryptocurrency wallet data, browser history, '
'developer credentials, system details',
'identity_theft_risk': 'High (developer credentials, PII from '
'browser history)',
'operational_impact': 'Potential full system compromise for '
'affected installations',
'payment_information_risk': 'High (cryptocurrency wallet data)',
'systems_affected': 'Windows, macOS, Linux systems running '
'compromised npm packages'},
'initial_access_broker': {'backdoors_established': 'Persistence mechanisms '
'(registry, LaunchAgent, '
'systemd)',
'entry_point': 'Typosquatted npm package '
'(easy-day-js)',
'high_value_targets': 'Cryptocurrency wallet '
'extensions, developer '
'credentials'},
'investigation_status': 'Ongoing (attacker infrastructure remains active)',
'motivation': 'Data exfiltration (cryptocurrency wallets, credentials, '
'browser history)',
'post_incident_analysis': {'root_causes': 'Transitive dependency injection, '
'weaponized postinstall hook, '
'obfuscated payload'},
'ransomware': {'data_exfiltration': True},
'references': [{'source': 'Microsoft'},
{'source': 'Socket security researchers'}],
'response': {'third_party_assistance': 'Microsoft, Socket security '
'researchers'},
'threat_actor': 'ehindero (npm account), sergey2016 (secondary account)',
'title': 'Massive npm Supply Chain Attack Targets Mastra AI Framework with '
'Cross-Platform Infostealer',
'type': 'Supply Chain Attack',
'vulnerability_exploited': 'Typosquatted dependency (easy-day-js) with '
'weaponized postinstall hook'}