AIToday

Malware hits Namastex.ai npm packages—steals developer credentials and spreads to other projects

Hacker NewsApr 26, 20262 min read
Malware hits Namastex.ai npm packages—steals developer credentials and spreads to other projects

Summaries like this, in your inbox every morning.

Sign up free →

3 Key Points

  1. Multiple npm packages from Namastex Labs (@automagik/genie versions 4.260421.33–4.260421.39, pgserve 1.1.11–1.1.13, and others) were compromised with malware that executes during installation. The malware steals API keys, SSH credentials, cloud provider tokens, and crypto-wallet data from developer machines, then sends it to attacker-controlled servers.

  2. This malware uses the same technique as a previous attack called CanisterWorm: it harvests stolen npm publishing credentials, downloads other packages the developer can access, injects malicious code into them, and republishes under the developer's credentials. It also attempts the same attack on PyPI (Python's package repository), turning one infected developer into a springboard to compromise many projects.

  3. If you use @automagik/genie (6,744 weekly downloads) or pgserve (1,300 weekly downloads), or any package from Namastex Labs, you should: immediately audit your npm and cloud credentials for unauthorized access, rotate any API keys or secrets that were in your environment variables or local config files, and check your GitHub and npm publishing logs for suspicious activity. If you published packages during the attack window, assume those packages may also be compromised.

Discussion

No discussion yet for this article

Stay ahead with AI news

Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.

Get Started Free

Free · takes 30 seconds · unsubscribe anytime

1 minute a day. The AI essentials.

200+ sources · Email / LINE / Slack

Get it free →