Malicious Npm Packages Exfiltrate Hundreds Of Developer Ssh Keys Via Github

Malicious Npm Packages Used To Target GitHub Developer SSH Keys - OSINT Without Borders

Malicious Npm Packages Used To Target GitHub Developer SSH Keys - OSINT Without Borders Two malicious packages discovered on the npm package registry have been found to leverage github to store base64 encrypted ssh keys stolen from developer systems on which they were installed. On august 26, 2025, multiple malicious versions of the widely used nx build system package were published to the npm registry. these versions contained a post installation malware script designed to harvest sensitive developer assets, including cryptocurrency wallets, github and npm tokens, ssh keys, and more.

Malicious Npm Packages Used To Target GitHub Developer SSH Keys - Infosecurity Magazine

Malicious Npm Packages Used To Target GitHub Developer SSH Keys - Infosecurity Magazine Security researchers have uncovered two new malicious packages on the npm open source package manager that utilized github to store stolen base64 encrypted ssh keys taken from developer systems. these packages, identified earlier this month, have since been removed from npm. Sonatype security research tracks the npm registry campaign extracting kubernetes configs and ssh keys via npm packages. their automated system found 14 malicious packages, which were promptly reported to npm registry admins by researchers. On august 26, 2025, multiple malicious versions of the popular nx build system were published to npm containing malware that abused ai cli developer tools (claude, gemini, q) for reconnaissance and data theft, making this one of the first documented supply chain attacks to do so. In a sophisticated onslaught targeting the open source ecosystem, reports have emerged detailing several malicious npm packages that are nefariously exploiting the telegram bot api to install backdoors on unsuspecting developers’ linux systems.

SSH Keys Stolen By Stream Of Malicious PyPI And Npm Packages | Cyware Alerts - Hacker News

SSH Keys Stolen By Stream Of Malicious PyPI And Npm Packages | Cyware Alerts - Hacker News On august 26, 2025, multiple malicious versions of the popular nx build system were published to npm containing malware that abused ai cli developer tools (claude, gemini, q) for reconnaissance and data theft, making this one of the first documented supply chain attacks to do so. In a sophisticated onslaught targeting the open source ecosystem, reports have emerged detailing several malicious npm packages that are nefariously exploiting the telegram bot api to install backdoors on unsuspecting developers’ linux systems. A recent campaign targeting the open source node.js community has exposed linux developers to significant risk through malicious npm packages designed to deploy persistent ssh backdoors. Cybersecurity researchers have unearthed a troubling wave of deceitful npm packages lurking within the npm package registry. these packages have a sinister purpose: to exfiltrate kubernetes configurations and ssh keys from compromised systems to a remote server. Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply chain attack ever. Malicious packages such as node telegram utils, node telegram bots api, and node telegram util were found to impersonate the legitimate node telegram bot api package, which is widely used by developers to build telegram bots. the attack, which surfaced in early 2025, leveraged a clever deception.

Harmful NPM Packages Use GitHub To Steal Hundreds Of Developer SSH Keys

Harmful NPM Packages Use GitHub To Steal Hundreds Of Developer SSH Keys A recent campaign targeting the open source node.js community has exposed linux developers to significant risk through malicious npm packages designed to deploy persistent ssh backdoors. Cybersecurity researchers have unearthed a troubling wave of deceitful npm packages lurking within the npm package registry. these packages have a sinister purpose: to exfiltrate kubernetes configurations and ssh keys from compromised systems to a remote server. Hackers planted malicious code in open source software packages with more than 2 billion weekly updates in what is likely to be the world’s biggest supply chain attack ever. Malicious packages such as node telegram utils, node telegram bots api, and node telegram util were found to impersonate the legitimate node telegram bot api package, which is widely used by developers to build telegram bots. the attack, which surfaced in early 2025, leveraged a clever deception.

Toptal’s GitHub Hacked: 10 Malicious npm Packages Expose 5,000+ Developers!