Nx npm Malware Explained: AI Agent Hijacking
GitHub - XSyki/npm-malware: Possibly The Worst Malware Ever Written. It Looks For .git Folders ...
Why the Nx malicious package attack matters: turning "helpful" AI agents into automated recon tools is a sharp escalation in open source supply chain attacks and likely one of the first publicly documented instances of AI assistant CLIs being coerced this way.
Nx npm malware (Aug 2025): attackers published malicious Nx packages that weaponized AI coding agents (Claude Code, Gemini CLI, Amazon Q) via a postinstall script to inventory sensitive files and.
Recent NPM Malware
Nx is an open source build platform widely used by developers to automate and streamline code testing, building and deployment workflows. Version 21.5.0 of Nx was compromised with data-stealing malware.
The Nx package on npm was hijacked to steal cryptocurrency wallets, GitHub/npm tokens, SSH keys, and environment secrets, and is the first documented case of malware weaponizing AI CLI tools for reconnaissance and data exfiltration.
The Nx supply chain attack on Aug 26, 2025 leaked 2,349 secrets via npm packages, risking GitHub and cloud accounts. Malicious npm versions of Nx exfiltrated SSH keys and tokens to GitHub, abusing AI code assistants.
Overview Of Agent Hijacking Attacks
According to researchers at Wiz, those poisoned packages were laden with malware designed to siphon secrets from developers, such as GitHub and npm tokens, SSH keys, and cryptocurrency wallet details.
On August 26, 2025, multiple malicious versions of the popular Nx build system were published to npm containing malware that abused AI CLI developer tools (Claude, Gemini, Q) for reconnaissance and data theft, making this one of the first documented supply chain attacks to do so.
Popular Nx packages on npm were compromised, not just with ordinary malware, but with a strain designed to hunt down and steal developer secrets: API keys, SSH keys, .env files, and even cryptocurrency wallets. The attack went a step further: it leveraged AI command line assistants like Claude, Gemini, and Q.
A malicious npm package successfully weaponized AI coding assistants against their users through a coordinated attack chain. The attack demonstrates a critical security gap: AI agents with broad permissions can be manipulated by malicious code/instructions to perform actions against user interests.
