
Summaries like this, in your inbox every morning.
Sign up free →Multiple npm packages from Namastex Labs (@automagik/genie versions 4.260421.33–4.260421.39, pgserve 1.1.11–1.1.13, and others) were compromised with malware that executes during installation. The malware steals API keys, SSH credentials, cloud provider tokens, and crypto-wallet data from developer machines, then sends it to attacker-controlled servers.
This malware uses the same technique as a previous attack called CanisterWorm: it harvests stolen npm publishing credentials, downloads other packages the developer can access, injects malicious code into them, and republishes under the developer's credentials. It also attempts the same attack on PyPI (Python's package repository), turning one infected developer into a springboard to compromise many projects.
If you use @automagik/genie (6,744 weekly downloads) or pgserve (1,300 weekly downloads), or any package from Namastex Labs, you should: immediately audit your npm and cloud credentials for unauthorized access, rotate any API keys or secrets that were in your environment variables or local config files, and check your GitHub and npm publishing logs for suspicious activity. If you published packages during the attack window, assume those packages may also be compromised.
No discussion yet for this article
Get curated AI news from 200+ sources delivered daily to your inbox. Free to use.
Get Started FreeFree · takes 30 seconds · unsubscribe anytime
1 minute a day. The AI essentials.
200+ sources · Email / LINE / Slack