TempMail Ninja

Nx Console Attack: GitHub Source Code Breached via Malicious VS Code Extension


ensure that developer machines are free of the malicious Nx Console version. Security teams are advised to execute the following mitigation protocol:

  1. Identify and Delete: Locate and remove version 18.95.0 of the Nx Console extension (registered as nrwl.angular-console). Ensure developers update immediately to version 18.100.0 or higher.
  2. Hunt for Files: Scan the local filesystem, particularly on macOS systems, for the presence of the following files:
    • ~/.local/share/kitty/cat.py
    • ~/Library/LaunchAgents/com.user.kitty-monitor.plist
    • /var/tmp/.gh_update_state
    • /tmp/kitty-*
  3. Kill Active Processes: Terminate any active Python processes running cat.py or any system process operating with the environment variable __DAEMONIZED=1.
  4. Rotate Secrets: If version 18.95.0 is found to have run on any workstation, treat all credentials residing on that machine as compromised. Immediately rotate AWS IAM keys, HashiCorp Vault tokens, npm publisher credentials, private SSH keys,
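
The extension and file checks from the steps above as a sweep script, added here as an example and not taken from the original article. The indicator paths and version are the ones listed above; the `~/.vscode/extensions` default, the function names and the `--run` flag are assumptions of this example.

```sh
#!/bin/sh
# Added example: sweep one workstation for the indicators listed above.
# ROOT lets the same checks run against a mounted disk image or test tree.

BAD_EXT="nrwl.angular-console-18.95.0"  # extension ID and version named above

# Print each indicator file that exists under ROOT for home directory HOME_DIR.
hunt_files() {
  hf_root="${1:-}"; hf_home="${2:-$HOME}"
  for hf_p in \
    "$hf_root$hf_home/.local/share/kitty/cat.py" \
    "$hf_root$hf_home/Library/LaunchAgents/com.user.kitty-monitor.plist" \
    "$hf_root/var/tmp/.gh_update_state" \
    "$hf_root"/tmp/kitty-*; do
    # -L also reports a dangling symlink, which -e alone would miss
    if [ -e "$hf_p" ] || [ -L "$hf_p" ]; then printf 'FILE %s\n' "$hf_p"; fi
  done
}

# Print installed copies of the bad version. VS Code unpacks extensions into
# <publisher>.<name>-<version>[-<platform>] directories under EXT_DIR
# (default location assumed here: ~/.vscode/extensions).
hunt_extension() {
  he_dir="${1:-$HOME/.vscode/extensions}"
  for he_d in "$he_dir/$BAD_EXT" "$he_dir/$BAD_EXT"-*; do
    if [ -d "$he_d" ]; then printf 'EXT  %s\n' "$he_d"; fi
  done
}

# Run both checks; return 1 if anything was found so a fleet job can alert.
sweep() {
  sw_hits="$(hunt_files "$1" "$2"; hunt_extension "$3")"
  if [ -z "$sw_hits" ]; then return 0; fi
  printf '%s\n' "$sw_hits"
  return 1
}

# "--run" (a flag of this example) sweeps the live system for the current user.
if [ "${1:-}" = "--run" ]; then
  sweep "" "$HOME" "$HOME/.vscode/extensions"
fi
```

Run it with `--run` on each workstation; a non-zero exit status means at least one `FILE` or `EXT` line was printed.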

Written by

TempMail Ninja

Digital privacy and online security expert. Passionate about creating tools that protect users' identity on the internet.