A compromised version of the widely used Nx Console VS Code extension was published to the Visual Studio Code Marketplace on May 18, 2026, silently targeting developer credentials, cloud infrastructure tokens, and CI/CD pipeline secrets across thousands of machines.
The incident marks the second supply chain attack against the Nx ecosystem in under a year, raising serious concerns about the security of open-source developer tooling relied upon by millions worldwide.
Version 18.95.0 of the extension, identified as nrwl.angular-console, was pushed to the marketplace with malicious code hidden inside its bundled main.js file.
With over 2.2 million installations across the globe, the extension is a daily staple in many professional development environments.
Within seconds of a developer opening any workspace, the compromised extension silently fetched and ran a 498 KB obfuscated payload from an orphan commit in the official nrwl/nx GitHub repository, a commit that no branch or tag pointed to and that therefore never appeared in the repository's visible history.
Researchers at StepSecurity analysed the full attack and, in a report shared with Cyber Security News, gave a detailed breakdown of its multi-stage infection chain.
The payload is described as a sophisticated credential stealer that reaches far beyond simple file theft, targeting GitHub tokens, npm credentials, AWS secrets, HashiCorp Vault tokens, Kubernetes configurations, and even 1Password vault items that were accessible through the command line.
The malicious version remained live for just eleven minutes before the Nx team detected the rogue publish and removed it from the marketplace at 12:47 UTC.
Despite that short window, the threat actor had designed the payload for speed: it daemonized itself in the background and ran multiple credential collectors in parallel to harvest as many secrets as possible before anyone could intervene.
What makes this attack especially alarming is the payload's inclusion of Sigstore attestation logic, which could let the attacker publish downstream npm packages carrying valid, cryptographically signed provenance.
A provenance attestation only proves that a package was produced by a particular signing identity or workflow run; it says nothing about whether that publisher was honest. Packages published this way could therefore pass standard signature and provenance verification checks, potentially spreading the damage well beyond the developer machines that were directly exposed during the eleven-minute compromise window.
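The check that a signature alone cannot make, as an added example that is not StepSecurity's, Nx's or npm's code: a provenance policy function that assumes the statement has already been signature-verified (by `npm audit signatures` or a Sigstore client) and then asks where the package really came from. The statement shape follows SLSA provenance v1 with the GitHub Actions workflow build type; the exact field paths, the policy values, the example repository names and both sample statements are assumptions constructed for illustration.

```python
"""Provenance *policy* check for an already signature-verified attestation.

Added example, not project code. Field paths are assumed to follow SLSA
provenance v1 / GitHub Actions build type; sample data is constructed.
"""
import hashlib

STATEMENT_TYPE = "https://in-toto.io/Statement/v1"
PREDICATE_TYPE = "https://slsa.dev/provenance/v1"
GITHUB_HOSTED_BUILDER = "https://github.com/actions/runner/github-hosted"


def check_provenance(statement, tarball, policy):
    """Return a list of policy violations; an empty list means the policy passed."""
    problems = []
    if (statement.get("_type") != STATEMENT_TYPE
            or statement.get("predicateType") != PREDICATE_TYPE):
        return ["not a SLSA v1 provenance statement"]

    # 1. The attestation must be about the bytes we actually downloaded.
    digest = hashlib.sha512(tarball).hexdigest()
    if not any(s.get("digest", {}).get("sha512") == digest
               for s in statement.get("subject", [])):
        problems.append("subject digest does not match the downloaded tarball")

    pred = statement.get("predicate", {})
    wf = pred.get("buildDefinition", {}).get("externalParameters", {}).get("workflow", {})
    builder = pred.get("runDetails", {}).get("builder", {}).get("id")

    # 2. Who built it: a self-hosted runner under attacker control can sign anything.
    if builder not in policy["builders"]:
        problems.append(f"untrusted builder: {builder}")
    # 3. Where it came from: the exact repository and workflow file, not "any repo".
    if wf.get("repository") != policy["repository"]:
        problems.append(f"unexpected repository: {wf.get('repository')}")
    if wf.get("path") != policy["workflow_path"]:
        problems.append(f"unexpected workflow: {wf.get('path')}")
    # 4. From which ref: a release branch or tag, not an arbitrary ref.
    if wf.get("ref") not in policy["allowed_refs"]:
        problems.append(f"unexpected ref: {wf.get('ref')}")
    return problems


def sample_statement(tarball, repository, workflow_path, ref,
                     builder=GITHUB_HOSTED_BUILDER):
    """Constructed statement in the assumed shape (not a real npm attestation)."""
    return {
        "_type": STATEMENT_TYPE,
        "subject": [{"name": "pkg:npm/example-package@1.0.0",
                     "digest": {"sha512": hashlib.sha512(tarball).hexdigest()}}],
        "predicateType": PREDICATE_TYPE,
        "predicate": {
            "buildDefinition": {
                "buildType": "https://slsa-framework.github.io/github-actions-buildtypes/workflow/v1",
                "externalParameters": {"workflow": {
                    "ref": ref, "repository": repository, "path": workflow_path}},
            },
            "runDetails": {"builder": {"id": builder}},
        },
    }


# Hypothetical policy for a hypothetical package; pin the source, not just "has provenance".
POLICY = {
    "repository": "https://github.com/example-org/example-package",
    "workflow_path": ".github/workflows/publish.yml",
    "allowed_refs": {"refs/heads/main"},
    "builders": {GITHUB_HOSTED_BUILDER},
}
TARBALL = b"constructed stand-in for example-package-1.0.0.tgz"


def demo():
    """Constructed cases: genuine release, attacker-controlled repo, trusted repo
    but unexpected ref, and a tarball that does not match the attested subject."""
    good = sample_statement(TARBALL, POLICY["repository"], POLICY["workflow_path"], "refs/heads/main")
    fork = sample_statement(TARBALL, "https://github.com/attacker/example-package",
                            POLICY["workflow_path"], "refs/heads/main")
    odd_ref = sample_statement(TARBALL, POLICY["repository"], POLICY["workflow_path"], "refs/heads/payload")
    return {
        "good": check_provenance(good, TARBALL, POLICY),
        "fork": check_provenance(fork, TARBALL, POLICY),
        "odd_ref": check_provenance(odd_ref, TARBALL, POLICY),
        "swapped_tarball": check_provenance(good, b"different bytes", POLICY),
    }


if __name__ == "__main__":
    for name, problems in demo().items():
        print(name, "PASS" if not problems else problems)
```

The residual risk the article points at survives even this policy: if the attacker can push to the trusted repository and trigger the trusted workflow, every field above looks legitimate. A release gate should therefore also confirm that the commit recorded in the provenance is reachable from a protected branch, which is exactly the property the orphan commit in this incident lacked.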
Orphan Commit and Stolen Publisher Credentials
The attack started when a contributor’s GitHub personal access token was stolen during a separate, earlier supply chain incident.
Using that stolen token, the attacker pushed an orphan commit, referenced as 558b09d7, to the nrwl/nx repository at 03:18 UTC.
This commit had no parent and was reachable from no branch or tag, so it never appeared in the repository's history or branch list; only someone who already knew the exact SHA could fetch it.
The orphan commit replaced the entire Nx monorepo with just two files: a package.json and a heavily obfuscated index.js payload.
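The property that hid the commit, as an added example that is not StepSecurity's or Nx's code: a reachability check that distinguishes a commit object that is stored in a repository from one that any ref actually leads to, plus a constructed throwaway repository that mirrors the shape described above (one normal commit, one parentless commit whose temporary branch is then deleted). It assumes `git` is on PATH; the file contents are placeholders, not the real payload.

```python
"""Show that an orphan commit exists in a repo yet is reachable from no ref.

Added example, not project code. Requires git on PATH; the demo repository
and its contents are constructed placeholders.
"""
import os
import subprocess
import tempfile


def git(repo, *args):
    """Run a git command in `repo` and return stripped stdout (raises on failure)."""
    res = subprocess.run(
        ["git", "-C", repo, "-c", "user.name=demo",
         "-c", "user.email=demo@example.invalid", *args],
        check=True, capture_output=True, text=True,
    )
    return res.stdout.strip()


def reachability(repo, sha):
    """Classify `sha` as 'missing', 'reachable' or 'unreachable'.

    'unreachable' means the object is stored (anyone who knows the SHA can
    fetch it) but no branch, tag or other ref leads to it, so it never shows
    up in `git log`, the branch list, or a web UI's history views.
    """
    probe = subprocess.run(
        ["git", "-C", repo, "cat-file", "-e", f"{sha}^{{commit}}"],
        capture_output=True,
    )
    if probe.returncode != 0:
        return "missing"
    for ref in git(repo, "for-each-ref", "--format=%(refname)").split():
        anc = subprocess.run(
            ["git", "-C", repo, "merge-base", "--is-ancestor", sha, ref],
            capture_output=True,
        )
        if anc.returncode == 0:
            return "reachable"
    return "unreachable"


def make_demo_repo():
    """Build a constructed repo; returns (path, normal_sha, orphan_sha).

    The orphan commit has no parents and holds only package.json and
    index.js; its temporary branch is deleted so no ref points at it.
    """
    repo = tempfile.mkdtemp(prefix="orphan-demo-")
    subprocess.run(["git", "init", "-q", repo], check=True, capture_output=True)
    with open(os.path.join(repo, "README.md"), "w") as f:
        f.write("real project\n")
    git(repo, "add", "README.md")
    git(repo, "commit", "-q", "-m", "initial commit")
    base_branch = git(repo, "rev-parse", "--abbrev-ref", "HEAD")
    normal = git(repo, "rev-parse", "HEAD")

    git(repo, "checkout", "-q", "--orphan", "payload")
    git(repo, "rm", "-r", "-f", "-q", "--cached", ".")
    os.remove(os.path.join(repo, "README.md"))
    with open(os.path.join(repo, "package.json"), "w") as f:
        f.write('{"name": "placeholder"}\n')
    with open(os.path.join(repo, "index.js"), "w") as f:
        f.write("// placeholder standing in for the obfuscated payload\n")
    git(repo, "add", "package.json", "index.js")
    git(repo, "commit", "-q", "-m", "payload")
    orphan = git(repo, "rev-parse", "HEAD")

    git(repo, "checkout", "-q", base_branch)
    git(repo, "branch", "-q", "-D", "payload")
    return repo, normal, orphan


if __name__ == "__main__":
    repo, normal, orphan = make_demo_repo()
    for label, sha in (("normal", normal), ("orphan", orphan)):
        print(label, sha[:8], reachability(repo, sha))
```

Against a remote you cannot run `for-each-ref`, but `git ls-remote` lists every advertised ref, and a fetch by SHA that succeeds for a commit absent from all of them is the same signal. Auditing who pushed such objects requires the hosting provider's audit log, since nothing in the branch history records them.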
At 12:36 UTC the attacker used stolen VS Code Marketplace publishing credentials to release the poisoned extension, which was configured to fetch and execute that hidden payload the moment a developer opened any workspace, with no visible sign of unusual activity.
Credential Theft and Persistent Backdoor
The payload ran six specialized collector classes simultaneously, each built to harvest a different category of secrets.
On Linux systems, it also probed for passwordless sudo access, and if successful, injected a sudoers rule to establish persistent root-level access on the affected host.
On macOS, the payload installed a Python-based backdoor at ~/.local/share/kitty/cat.py, registered as a LaunchAgent to run automatically every hour.
This backdoor used the GitHub Search API as a covert command-and-control channel, polling for attacker-signed instructions on each hourly run. Because the traffic is ordinary HTTPS to GitHub's API, it blends in with normal developer activity and is unlikely to trigger alerts from corporate firewalls or endpoint detection tools.
Anyone who had Nx Console installed with auto-update enabled and opened a workspace between 12:36 and 12:47 UTC on May 18 should treat their machine as fully compromised.
StepSecurity recommends updating immediately to version 18.100.0 or later, removing all persistence artifacts, killing orphaned background processes, and rotating every credential reachable from the affected machine, including GitHub tokens, npm tokens, SSH keys, AWS credentials, and any secrets that were held in process memory at the time of compromise.
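A host-triage helper for the persistence artifacts described in the two sections above, as an added example that is not StepSecurity's code: it looks for the macOS backdoor path, any LaunchAgent whose program arguments reference it, and NOPASSWD rules in sudoers, and reports what a responder should review and remove. It scans a filesystem root, so it works on a mounted disk image or on "/" as well as on the constructed tree it builds for illustration. The LaunchAgent label and the sudoers line in that tree are placeholders, not indicators published in the article.

```python
"""Filesystem triage for the persistence artifacts described in the article.

Added example, not project code. The demo tree is constructed; its
LaunchAgent label and sudoers rule are placeholders.
"""
import os
import plistlib
import re
import tempfile

# Paths relative to a root so the same code scans "/", a disk image, or a test tree.
MAC_BACKDOOR = ".local/share/kitty/cat.py"
MAC_LAUNCHAGENTS = "Library/LaunchAgents"
SUDOERS_FILES = ("etc/sudoers", "etc/sudoers.d")
NOPASSWD = re.compile(r"^\s*[^#].*\bNOPASSWD\b")


def _read(path):
    with open(path, "rb") as f:
        return f.read()


def find_launchagents_referencing(root, home, needle):
    """Yield (plist path, Label, StartInterval) for LaunchAgents mentioning `needle`."""
    agent_dir = os.path.join(root, home, MAC_LAUNCHAGENTS)
    if not os.path.isdir(agent_dir):
        return
    for name in sorted(os.listdir(agent_dir)):
        path = os.path.join(agent_dir, name)
        try:
            plist = plistlib.loads(_read(path))
        except Exception:
            continue  # unparsable file: skip rather than abort mid-triage
        args = " ".join(map(str, plist.get("ProgramArguments", [])))
        if needle in args or needle in str(plist.get("Program", "")):
            yield path, plist.get("Label"), plist.get("StartInterval")


def find_nopasswd_sudoers(root):
    """Yield (file, line) for every uncommented NOPASSWD rule in sudoers(.d)."""
    for rel in SUDOERS_FILES:
        p = os.path.join(root, rel)
        if os.path.isfile(p):
            files = [p]
        elif os.path.isdir(p):
            files = [os.path.join(p, n) for n in sorted(os.listdir(p))]
        else:
            continue
        for fpath in files:
            for line in _read(fpath).decode("utf-8", "replace").splitlines():
                if NOPASSWD.search(line):
                    yield fpath, line.strip()


def triage(root, home):
    """Return findings as (kind, detail) tuples for the home directory `home`."""
    findings = []
    backdoor = os.path.join(root, home, MAC_BACKDOOR)
    if os.path.exists(backdoor):
        findings.append(("mac_backdoor_file", backdoor))
    for path, label, interval in find_launchagents_referencing(root, home, "cat.py"):
        findings.append(("mac_launchagent", f"{path} label={label} StartInterval={interval}"))
    for fpath, line in find_nopasswd_sudoers(root):
        # NOPASSWD rules can be legitimate; report them for review, not blind deletion.
        findings.append(("sudoers_nopasswd", f"{fpath}: {line}"))
    return findings


def plant_demo_artifacts():
    """Constructed tree: a Mac home with the backdoor and an hourly LaunchAgent
    (placeholder label), plus one legitimate and one suspicious sudoers drop-in."""
    root = tempfile.mkdtemp(prefix="triage-demo-")
    home = "Users/demo"
    os.makedirs(os.path.join(root, home, os.path.dirname(MAC_BACKDOOR)))
    os.makedirs(os.path.join(root, home, MAC_LAUNCHAGENTS))
    os.makedirs(os.path.join(root, "etc/sudoers.d"))
    with open(os.path.join(root, home, MAC_BACKDOOR), "w") as f:
        f.write("# placeholder standing in for the Python backdoor\n")
    agent = {"Label": "com.example.placeholder",  # not the real label
             "ProgramArguments": ["/usr/bin/python3", f"/{home}/{MAC_BACKDOOR}"],
             "StartInterval": 3600, "RunAtLoad": True}
    with open(os.path.join(root, home, MAC_LAUNCHAGENTS, "com.example.placeholder.plist"), "wb") as f:
        plistlib.dump(agent, f)
    with open(os.path.join(root, "etc/sudoers.d/legit"), "w") as f:
        f.write("# deployed by config management\n%admin ALL=(ALL) ALL\n")
    with open(os.path.join(root, "etc/sudoers.d/99-demo"), "w") as f:
        f.write("demo ALL=(ALL) NOPASSWD: ALL  # placeholder for the injected rule\n")
    return root, home


if __name__ == "__main__":
    root, home = plant_demo_artifacts()
    for kind, detail in triage(root, home):
        print(kind, detail)
```

On a live Mac, pair this with `launchctl list` and a process listing, since a loaded agent and a running daemonized payload survive until they are unloaded and killed, not just until the files are deleted; those live checks are left out so the example runs on any system.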
Indicators of Compromise (IoCs)
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.