How a Popular VS Code Extension Became a Supply Chain Attack Vector
The Nx Console vulnerability underscores how a single compromised developer tool can trigger a broad supply chain attack. Version 18.95.0 of the rwl.angular-console extension, a widely used UI for Nx in VS Code, Cursor, and JetBrains with over 2.2 million installs, was silently weaponized. Attackers abused stolen GitHub credentials belonging to an Nx developer to push an orphan, unsigned commit into the official nrwl/nx repository. When developers opened any workspace, the tampered extension fetched and executed a 498 KB obfuscated payload from this dangling commit. This design turned a trusted productivity add-on into a conduit for credential stealer malware without any user interaction. Although the Open VSX variant remained unaffected, VS Code extension security was significantly undermined, revealing how deeply IDE ecosystems depend on the integrity of upstream repositories and developer authentication workflows.
Inside the 498 KB Multi-Stage Credential Stealer Payload
Once triggered, the malicious Nx Console update installed the Bun JavaScript runtime and executed an obfuscated index.js script as a detached background process. The payload was a multi-stage credential stealer and supply chain poisoning tool designed to persist and evade detection. It performed checks to avoid machines in specific time zones and then began harvesting secrets from a wide range of developer resources, including 1Password vaults, Anthropic Claude Code configurations, and credentials for npm, GitHub, and AWS. Exfiltration channels included HTTPS, the GitHub API, and DNS tunneling, giving the attacker resilient communication paths. On macOS, a Python backdoor (cat.py) was deployed via a LaunchAgent, using the GitHub Search API as a dead drop resolver for new commands. This blend of stealth, extensibility, and multi-protocol exfiltration illustrates how credential stealer malware has evolved beyond simple token grabs into full-featured, developer-focused espionage tooling.
What Credentials Were at Risk and Why Rotation Was Urgent
Developers using Nx Console 18.95.0 during the short exposure window were advised to assume compromise and immediately rotate credentials. The malware targeted any secrets reachable from the affected machine, including API tokens, SSH keys, npm and GitHub authentication, AWS credentials, and password manager-stored data such as 1Password entries. Because the payload integrated Sigstore and SLSA provenance generation, stolen npm OIDC tokens could be abused to publish malicious packages with cryptographically valid attestations, making them appear as legitimate builds. This elevated the threat from individual account takeover to broader ecosystem poisoning. Users were instructed to terminate malicious Python processes, remove artifacts like cat.py and related LaunchAgents, and systematically revoke and recreate all tokens, keys, and secrets. The Nx team reported that a limited number of users were confirmed compromised, but the nature of the tooling meant even brief exposure warranted full credential hygiene.
Broader Developer Tool Supply Chain Risks Highlighted by Nx Incident
This Nx Console incident is part of a wider trend of attacking developer tool security through supply chain vectors. The same research surfaced numerous malicious npm packages, including impostors such as noon-contracts and trojanized forks like martinez-polygon-clipping-tony, which installed remote access trojans, stole SSH keys and crypto wallets, or hijacked Telegram accounts. Other packages targeted browser session cookies, Kubernetes secrets, and even installed LLM proxy services to route AI traffic through compromised hosts. A coordinated credential harvesting campaign leveraged dependency confusion against CI/CD pipelines of major organizations. Compared with a prior s1ngularity campaign that infected Nx ecosystem npm packages, the latest attack moved closer to developers by targeting the VS Code extension itself. Together, these events show that IDEs, extensions, and package registries form intertwined dependency chains, where a single weak link can cascade into widespread credential exposure and supply chain compromise.
Practical Steps for Securing VS Code Extensions and Development Environments
Developers can reduce exposure to similar attacks by hardening both their IDEs and credential management practices. First, closely monitor VS Code extension security by reviewing update prompts, changelogs, and publisher signatures, and avoid blind auto-updates for critical plugins. Validate extension integrity by checking official repositories and comparing hashes when possible. Second, minimize long-lived tokens and broad-scoped credentials; prefer short-lived, role-based access and segregate secrets across environments. Use dedicated machines or profiles for sensitive work and limit what password managers and tooling can access by default. Third, proactively scan for indicators of compromise such as unexpected processes, unusual network activity, or suspicious files like temporary Python scripts and LaunchAgents. Finally, implement organization-wide supply chain security controls: enforce signed builds, monitor npm dependencies for anomalies, and adopt zero-trust principles around CI/CD and IDE integrations to contain the blast radius of any single compromise.