Supply Chain Attack Targeting Linux and Mac
kaspersky.co.ukI got smooched by this mofo. Got an email from GitHub Sec saying a repo in my own account was deleted because of a known vuln.
My NX Console EXTENSION in VS Code was updated after the supply chain attack was initialized by the malicious actor.
The symptom, besides the email from GitSec, was all my terminals initialized prompted for sudo pw, because ~/.bashrc had sudo shutdown appended.
The Kaspersky article says the hackers were focused on crypto wallets, env vars, and ssh keys, but what about .azure/cache-tokens.json, .aws/creds, .gcp/creds, etc.?
And the worst toolchain+ecosystem award goes to...
…JavaScript or VS Code Extensions? (Or both)
Drum roll please...