Compromised Nx Console version 18.95.0

4 min read Original article ↗

Update (May 19 13:37 UTC): Updated the timeline of the compromised VSCode extension. Added information about OpenVSX.
Update (May 20 23:46 UTC): Updated details on scope of impact
Update (May 21 00:37 UTC): Added Tanstack compromise and GitHub CLI as the attack vector.

Summary

A malicious version of Nx Console 18.95.0 was published at 12:30 PM UTC and removed soon after at 12:48 PM UTC, leaving it available for ~18 minutes in Visual Studio Marketplace. For OpenVSX, the problem was detected later, and the compromised version was available from 12:33 UTC to 13:09 UTC (~36 minutes).

Details on indications of being compromised and remediation are below.

Timeline

The Microsoft Marketplace timeline is as follows:

  • 12:30 UTC Microsoft registers extension upload for 18.95.0
  • 12:36 UTC Maintainer receives extension upload email
  • 12:47 UTC Maintainer unpublishes extension
  • 12:48 UTC Microsoft registers extension unpublish

For OpenVSX:

  • 12:30 UTC Security scan started for 18.95.0
  • 12:33 UTC Security scan completed and extension published
  • 13:09 UTC Maintainer unpublishes extension

Indicators of Compromise

Please check immediately if you were compromised by looking for the following indicators:

  • Nx Console version 18.95.0 was installed during the exposure window
  • Any of the following files exist on disk:
    • ~/.local/share/kitty/cat.py exists
    • ~/Library/LaunchAgents/com.user.kitty-monitor.plist exists
    • /var/tmp/.gh_update_state exists
    • /tmp/kitty-* exists
  • Any of the following processes are running
    • a python process running cat.py
    • a process with __DAEMONIZED=1 in its environment

Remediation

If you were affected or suspect you may have been affected, immediately do ALL of the following:

  • Update Nx Console to 18.100.0 or later. It is important that the malicious version is not running anymore as it will start the rest of the process.
  • Kill any __DAEMONIZED and cat.py processes. It is important to kill these processes as they actively try to exfiltrate credentials.
  • Delete the persistence artifacts listed above. On macOS, the LaunchAgent must be unloaded before it is deleted, or it stays active in launchd: launchctl unload ~/Library/LaunchAgents/com.user.kitty-monitor.plist.
  • Rotate every credential reachable from the machine — tokens, secrets, and SSH keys — and audit access logs for the affected accounts.

Targeted Credentials

The compromised extension fetched an obfuscated payload that harvested credentials from multiple sources on disk and in memory:

  • Vault~/.vault-token, /etc/vault/token; Kubernetes and AWS IAM auth
  • npm.npmrc tokens and OIDC token exchange
  • AWS — IMDS/ECS metadata, Secrets Manager, SSM, Web Identity tokens
  • GitHubghp_/gho_/ghs_ tokens, Actions secrets, process memory
  • 1Passwordop CLI vault contents, if an op session was active
  • Filesystem — private keys, connection strings, GCP/Docker credentials

Harvested data was exfiltrated via HTTPS, the GitHub API, and DNS. On Linux it also attempted sudoers injection for persistence.

Patches

Nx Console 18.100.0 is the latest version that users need to be on.

Root Cause

One of our developers was compromised by a recent supply-chain compromise on Tanstack, which leaked their GitHub credentials through the GitHub CLI (gh). This allowed the attacker to run workflows on our GitHub repository as a contributor.

Actions Taken

Previously a single member of our organization was able to release a new version of Nx Console without manual approval. To prevent this from happening in the future, we have hardened our Nx Console publishing pipeline such that two admins need to manually approve the release. This is the same approval process which is on our other products such as the Nx packages. This makes it much less likely because malicious publishes would need to pass through a manual approval by two admins that have been compromised.

We are continuing to investigate this incident and will update here with any further information. We are also working with Microsoft and GitHub to investigate further.

Scope of Impact

According to Microsoft and OpenVSX, download numbers for the impacted 18.95.0 version were a low 28 and 41 respectively.
However, according to our own internal analytics, we believe the impact to be two orders of magnitude higher, with thousands of affected users.
Two days after the attack, our analytics have registered approximately 6000 extension activations from VSCode and 0 from other editors (including VSCode forks like Cursor).

References

Issue: #3139
StepSecurity post: https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised