@nx/js
@nx/js is identified in the SafeDep analysis "nx Build System Compromised Targeting Linux and MacOS developers". The popular npm package `nx` was compromised, targeting Linux and macOS developers. Malicious versions included a postinstall script that stole credentials, exfiltrated sensitive files, and added destructive commands to shell configs, causing system shutdowns and data leaks.
discovered 2025-08-27
Threat types
credential_stealerdata_exfiltrationwiper
Malicious versions
- 20.9.0
Campaigns
Techniques
- ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
- ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
- ttpT1552.001 Unsecured Credentials: Credentials In Filesuses
- ttpT1041 Exfiltration Over C2 Channeluses
- ttpT1552.004 Unsecured Credentials: Private Keysuses
- ttpT1528 Steal Application Access Tokenuses
- ttpT1071.001 Application Layer Protocol: Web Protocolsuses
- ttpT1102 Web Serviceuses
- ttpT1546 Event Triggered Executionuses
- ttpT1485 Data Destructionuses
