Nx Console VS Code Extension Compromised in Sophisticated Supply Chain Attack
In May 2026, attackers hijacked the widely used Nx Console Visual Studio Code extension, turning it into a credential-stealing tool that exposed millions of developers. The malicious version (18.95.0) of the extension, installed over 2.2 million times, was published to the official VS Code Marketplace on May 18 using stolen credentials.
The attack unfolded in stages, beginning with an earlier breach that compromised a contributor’s GitHub personal access token. At 03:18 UTC, the attacker pushed an orphan commit to the nrwl/nx repository, replacing its contents with just two files: a package.json and an obfuscated index.js payload. By 12:36 UTC, the malicious extension was live, injecting a 2,777-byte backdoor into its main.js file. The payload activated the moment a developer opened any workspace.
Within 11 minutes, the Nx team detected and removed the compromised version, but the damage was already done. The malware targeted a broad range of credentials, including tokens from GitHub, npm, AWS, HashiCorp Vault, Kubernetes, and 1Password, as well as Claude AI coding assistant configurations, making this one of the first known supply chain attacks to exploit AI tooling. Stolen data was exfiltrated via HTTPS, GitHub API abuse, and DNS tunneling, so exfiltration continued even if one channel was blocked.
On macOS, the payload installed a persistent Python backdoor (~/.local/share/kitty/cat.py) that checked in hourly for new commands signed with a 4096-bit RSA key. The malware also employed anti-analysis techniques to evade detection, refusing to run on machines with fewer than four CPU cores or on machines in Russian/CIS time zones.
The attack leveraged Sigstore integration, allowing the attacker to forge cryptographically signed npm packages using stolen OIDC tokens, making malicious packages appear legitimate. Security firm StepSecurity confirmed this was the second supply chain incident targeting the Nx ecosystem in a year.
Developers who installed version 18.95.0 and opened a workspace between 12:36 and 12:47 UTC on May 18 should assume all credentials on the affected machine were compromised. The Nx team released a patched version (18.100.0) and provided indicators of compromise (IoCs) for detection, including file hashes, Git commit SHAs, and exfiltration endpoints.
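As an added defender-side check (not code from the Nx team or from the advisory), the script below walks a VS Code extensions directory for the compromised Nx Console build and looks for the macOS persistence path named above, returning whether the "rotate all credentials" guidance applies. It assumes Nx Console's marketplace ID is nrwl.angular-console, so the unpacked folder is nrwl.angular-console-<version>, and demo() runs the scan against a host tree constructed in a temporary directory.

```python
import re
import tempfile
from pathlib import Path

# Indicators taken from the advisory text on this page.
COMPROMISED, PATCHED = (18, 95, 0), (18, 100, 0)
MACOS_BACKDOOR = Path(".local/share/kitty/cat.py")
# Assumption: Nx Console's marketplace ID is nrwl.angular-console, so VS Code
# unpacks it under ~/.vscode/extensions/nrwl.angular-console-<version>.
NX_ID = ("nrwl", "angular-console")
EXT_DIR_RE = re.compile(r"^(?P<pub>[^.]+)\.(?P<name>.+)-(?P<ver>\d+(?:\.\d+)+)$")

def parse_extension_dir(dirname: str):
    """Split 'publisher.name-1.2.3' into (publisher, name, (1, 2, 3)); None if not an extension dir."""
    m = EXT_DIR_RE.match(dirname)
    return m and (m["pub"], m["name"], tuple(int(x) for x in m["ver"].split(".")))

def assess_version(version: tuple) -> str:
    """Only 18.95.0 is the trojanised build; 18.100.0 and later are the fixed releases."""
    if version == COMPROMISED:
        return "compromised"
    return "patched" if version >= PATCHED else "update-available"

def scan_host(extensions_root: Path, home: Path) -> dict:
    """Report every Nx Console build found plus whether the macOS persistence file exists."""
    report = {"nx_console": {}, "backdoor_present": (home / MACOS_BACKDOOR).is_file()}
    for entry in (extensions_root.iterdir() if extensions_root.is_dir() else []):
        parsed = parse_extension_dir(entry.name)
        if parsed and parsed[:2] == NX_ID:
            report["nx_console"][entry.name] = assess_version(parsed[2])
    # Either indicator means the advisory's "rotate everything" guidance applies.
    report["rotate_credentials"] = (report["backdoor_present"]
                                    or "compromised" in report["nx_console"].values())
    return report

def demo() -> dict:
    """Constructed sample host: the malicious build plus a stand-in for the persistence file."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        ext = home / ".vscode" / "extensions"
        for d in ("nrwl.angular-console-18.95.0", "ms-python.python-2026.4.0"):
            (ext / d).mkdir(parents=True)
        (home / MACOS_BACKDOOR).parent.mkdir(parents=True)
        (home / MACOS_BACKDOOR).write_text("# placeholder, not the real cat.py payload\n")
        return scan_host(ext, home)

if __name__ == "__main__":
    print(scan_host(Path.home() / ".vscode" / "extensions", Path.home()))
```

Running the file directly scans ~/.vscode/extensions on the current machine; the version check only identifies the build, so a machine that opened a workspace while 18.95.0 was installed still needs the full credential rotation and the published IoCs (hashes, commit SHAs, exfiltration endpoints) checked.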
Source: https://cybersecuritynews.com/nx-console-vs-code-extension-compromised/
GitHub TPRM report: https://www.rankiteo.com/company/github
npm TPRM report: https://www.rankiteo.com/company/npm-inc-
Microsoft TPRM report: https://www.rankiteo.com/company/microsoft-visual-studio
Nx TPRM report: https://www.rankiteo.com/company/nxp-semiconductors
{
  "id": "npmgitnxpmic1779193496",
  "linkid": "npm-inc-, github, nxp-semiconductors, microsoft-visual-studio",
  "type": "Cyber Attack",
  "date": "5/2026",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}
{'affected_entities': [{'customers_affected': 'Over 2.2 million installations of the malicious extension',
                        'industry': 'Technology/Software Development',
                        'name': 'Nx (Nrwl)',
                        'type': 'Software Development Tool'}],
 'attack_vector': ['Stolen GitHub personal access token',
                   'Malicious VS Code extension update'],
 'customer_advisories': 'Developers who installed version 18.95.0 and opened a workspace between 12:36 and 12:47 UTC on May 18 should assume all credentials on the affected machine were compromised.',
 'data_breach': {'data_exfiltration': True,
                 'personally_identifiable_information': 'Potential (depending on developer workspace contents)',
                 'sensitivity_of_data': 'High (cloud access tokens, API keys, PII in developer workspaces)',
                 'type_of_data_compromised': ['Credentials',
                                              'Developer workspace data',
                                              'AI tooling configurations (Claude AI)']},
 'date_detected': '2026-05-18T12:47:00Z',
 'date_resolved': '2026-05-18T12:47:00Z',
 'description': 'In May 2026, attackers hijacked the widely used Nx Console Visual Studio Code extension, turning it into a credential-stealing tool that exposed millions of developers. The malicious version (18.95.0) of the extension, installed over 2.2 million times, was published to the official VS Code Marketplace on May 18 using stolen credentials. The malware targeted credentials from GitHub, npm, AWS, HashiCorp Vault, Kubernetes, 1Password, and Claude AI coding assistant configurations. Stolen data was exfiltrated via HTTPS, GitHub API abuse, and DNS tunneling. The attack leveraged Sigstore integration to forge cryptographically signed npm packages using stolen OIDC tokens.',
 'impact': {'brand_reputation_impact': 'High (second supply chain incident in a year for Nx ecosystem)',
            'data_compromised': 'Credentials (GitHub, npm, AWS, HashiCorp Vault, Kubernetes, 1Password, Claude AI), developer workspace data',
            'identity_theft_risk': 'High (stolen credentials could lead to further breaches)',
            'operational_impact': 'Developers required to rotate all credentials, potential unauthorized access to cloud resources and repositories',
            'systems_affected': 'Developer machines with Nx Console VS Code extension (version 18.95.0)'},
 'initial_access_broker': {'backdoors_established': ['Orphan commit in GitHub repository',
                                                     'Python backdoor on macOS (~/.local/share/kitty/cat.py)'],
                           'entry_point': 'Stolen GitHub personal access token',
                           'high_value_targets': 'Developer credentials, cloud access tokens, AI tooling configurations'},
 'investigation_status': 'Completed (malicious version removed, IoCs published)',
 'lessons_learned': 'Need for stricter access controls on GitHub repositories, enhanced monitoring of extension marketplace updates, and improved credential hygiene for developers. Importance of detecting and mitigating supply chain attacks targeting developer tools and AI integrations.',
 'motivation': ['Credential theft',
                'Data exfiltration',
                'Supply chain compromise'],
 'post_incident_analysis': {'corrective_actions': ['Enforce multi-factor authentication for all contributors',
                                                   'Implement stricter access controls and monitoring for GitHub repositories',
                                                   'Review and harden Sigstore/OIDC token policies',
                                                   'Enhance detection of orphan commits and suspicious extension updates'],
                            'root_causes': ['Compromised contributor credentials (GitHub personal access token)',
                                            'Lack of multi-factor authentication for GitHub accounts',
                                            'Insufficient monitoring of GitHub repository changes',
                                            'Abuse of Sigstore OIDC tokens for package signing']},
 'recommendations': ['Rotate all credentials exposed on machines with the malicious extension',
                     'Scan for backdoors (e.g., ~/.local/share/kitty/cat.py on macOS)',
                     'Update to the patched version (18.100.0) of Nx Console',
                     'Implement multi-factor authentication for GitHub and npm accounts',
                     'Monitor for suspicious activity in cloud environments and repositories',
                     'Review Sigstore and OIDC token security policies',
                     'Educate developers on supply chain attack risks'],
 'references': [{'source': 'StepSecurity'}],
 'response': {'communication_strategy': 'Public advisory to developers, IoC sharing',
              'containment_measures': 'Removal of malicious extension version (18.95.0) from VS Code Marketplace',
              'incident_response_plan_activated': True,
              'recovery_measures': 'Developers advised to rotate all credentials, scan for backdoors, and update to patched version',
              'remediation_measures': 'Release of patched version (18.100.0), publication of IoCs (file hashes, Git commit SHAs, exfiltration endpoints)',
              'third_party_assistance': 'StepSecurity'},
 'stakeholder_advisories': 'Developers, cloud service providers, and organizations using Nx tools advised to rotate credentials and monitor for unauthorized access.',
 'title': 'Nx Console VS Code Extension Compromised in Sophisticated Supply Chain Attack',
 'type': 'Supply Chain Attack',
 'vulnerability_exploited': 'Compromised contributor credentials, orphan commit in GitHub repository, Sigstore OIDC token abuse'}