Executive Summary
As of August 26, 2025, threat actors uploaded malicious versions of the Nx build system packages to the npm registry. The malware hidden within these packages was engineered to steal developer secrets, such as GitHub tokens, npm tokens, SSH keys, environment files, and even cryptocurrency wallets.
The most worrying aspect of this incident is that it integrated AI command-line tools (Claude, Gemini, and Q) to advance reconnaissance and exfiltration. This is the first known incident where developers’ AI tools were maliciously used to escalate a supply chain attack.
Within hours, thousands of GitHub repositories were created inside victim accounts named s1ngularity-repository
, publicly leaking stolen data. Although GitHub disabled many of these repos, the exposure window was enough for attackers to harvest credentials at scale.
This attack serves as a stark reminder for businesses that depend on open-source packages within their software development pipelines.
What Happened?
- Attackers compromised an npm publishing token belonging to an Nx maintainer.
- Eight malicious versions of Nx and multiple plugins were released:
nx
: 20.9.0 → 20.12.0, 21.5.0 → 21.8.0@nx/devkit
,@nx/js
,@nx/node
,@nx/workspace
,@nx/eslint
,@nx/key
,@nx/enterprise-cloud
- A malicious
telemetry.js
file executed on install, performing:- File system scanning for
.env
, SSH keys, keystores, wallets - Token harvesting (
gh auth token
, npmrc, API keys) - Persistence/DoS: appending
sudo shutdown -h 0
to~/.bashrc
and~/.zshrc
- AI exploitation: using local AI CLIs with dangerous flags (
--dangerously-skip-permissions
,--trust-all-tools
) to expand reconnaissance - Exfiltration: creating GitHub repos named
s1ngularity-repository
and uploading triple-base64 encodedresults.b64
files with stolen secrets
- File system scanning for
Impact window: ~5 hours of active distribution + ~8 hours of public repo exposure.
Why This Attack Matters
- AI Abuse in Malware
Attackers turned trusted AI CLIs into unwitting accomplices, bypassing guardrails and expanding attack surface. - Developer Assets as Targets
Stolen SSH keys, GitHub tokens, and.env
files provide direct entry points into CI/CD pipelines and cloud infrastructure. - Supply Chain Blast Radius
With Nx downloaded 4M+ times/week, the potential reach of this compromise is enormous.
What Organizations Should Do Immediately
1. Bluefire Redteam Scanner
To help developers and security teams quickly detect exposure, Bluefire Redteam has released a free, open-source scanner on npm.
Run it instantly with:
npx @bluefire-redteam/nx-s1ngularity-check
⚠️ Important: Always use the scoped package @bluefire-redteam/nx-s1ngularity-check
.
Do not use any unscoped package — it is unrelated and may confuse users.
What it detects
- Malicious Nx versions in lockfiles (
package-lock.json
,yarn.lock
,pnpm-lock.yaml
) - Node modules payloads containing
telemetry.js
- Host IoCs (
sudo shutdown -h 0
in.bashrc
/.zshrc
,/tmp/inventory.txt*
) - Exfil files (
results.b64
) with automatic triple base64 decoding - GitHub repos created by the malware (
s1ngularity-repository*
) using your token
References
- GitHub Repo: bluefire-nx-s1ngularity-check
- NPM Package: @bluefire-redteam/nx-s1ngularity-check
Integrate it into your local dev environment or CI/CD pipelines to prevent silent exposure.
2. If you are affected, then:
1. Remove Malicious Versions
rm -rf node_modules
npm cache clean --force
npm install nx@latest
2. Rotate All Credentials
- GitHub: Revoke PATs and OAuth apps, enforce 2FA
- npm: Revoke tokens
- SSH keys: Generate new pairs
- Cloud/API keys: Rotate environment secrets
- Crypto wallets: Move funds to new wallets
3. Monitor Logs & Pipelines
- Review GitHub audit logs for unexpected
repo.create
events - Monitor CI/CD for anomalous API calls during
npm install
- Use runtime monitoring (e.g., StepSecurity Harden-Runner, Wiz Threat Center)
Broader Implications
This compromise represents a new frontier in supply chain threats:
- AI Weaponization: Expect more attackers to hijack LLM-powered tools.
- Pipeline Risk: CI/CD is no longer safe from package-based malware.
- Trust Erosion in OSS: Token compromise of a maintainer account can impact millions.
Organizations must move toward Zero Trust for developer environments — assume that even trusted dependencies can be hostile.
How Bluefire Redteam Can Help Further
At Bluefire Redteam, we specialize in supply chain security and real-world adversary simulation. Our teams can help you:
- Run SBOM-based audits to detect malicious dependencies across repos.
- Deploy runtime detection for CI/CD pipelines.
- Conduct secret exposure reviews and credential hygiene workshops.
- Perform Purple Teaming exercises simulating real-world supply chain compromises.
Conclusion
The Nx “s1ngularity” incident shows us that supply chain attacks are evolving — and now include AI-assisted malware. Developers and organizations must act quickly to detect, contain, and recover from such compromises.
You can lessen your chances of becoming the next victim by hardening your pipelines now and learning from this attack.