๐จ Malware attack using an AI coding agent
Software security is getting more and more complicated!
๐น A hacker uploaded to npm malicious versions of the NX packages (a build system for JS/TS) using a compromised maintainer token.
๐น Those malicious versions contained a postinstall script that activated AI CLIs (Claude, Gemini, Amazon Q) using flags to enable the AI full access.
๐น The script gave AI agents a prompt to search the file system and collect the names of all configuration files, including sensitive files such as SSH keys, dot env, wallets, npm/GitHub tokens.
๐น Data was exfiltrated to public GitHub repos named s1ngularity-repository-*
๐น Shell config files were sabotaged with sudo shutdown -h 0 to cause immediate system shutdown.
The very AI tools developers are beginning to trust to boost productivity can be flipped into autonomous threat actors.
๐ง Some considerations for devs:
๐ If you have a CI script that depends on installing packages, it makes sense to secure it by avoiding "npm install" and using "npm ci --ignore-scripts" instead to neutralize a malicious "postinstall".
๐ Check that the packages you use in your app have provenance. For example, checking the provenance of the package PlayWright "npm view playwright dist.integrity" will give you the package's cryptographic record (in the attack, the package didn't have one).
๐ You can check your packages for security, trust, and quality signals using "npx npq install <packageName>".
๐ You can manually check your packages using https://snyk.io/advisor/
There are other recommendations in the Snyk link below:
https://lnkd.in/gEkf_4VA
#AppSec #AIsecurity #SoftwareSupplyChain #npm #DevSecOps #Nx #OpenSourceSecurity #Cybersecurity #AI #Infosec #Snyk #LinkedInTech