Malicious Open Source Packages Target Developers

The fake Next.js repositories were discovered by Microsoft and were designed to appear as coding projects for job interviews. This developer-focused campaign aimed for remote code execution by running malicious JavaScript in memory as soon as a developer cloned and opened the repository locally. The attack had multiple triggers, including a VS Code task that executed on folder open and another that ran when a developer executed "npm run dev". The fraudulent package "StripeAPI.net" was a typosquatting attack on the popular and legitimate "Stripe.net" library, which has over 75 million downloads. The malicious package mimicked the original's icon and documentation to appear credible and even artificially inflated its download count to over 180,000 across 506 different versions. The malware was designed to capture API tokens during the StripeClient initialization and exfiltrate them to a Supabase-managed database. The "RoguePilot" vulnerability was an AI-driven attack that allowed for repository takeover by injecting malicious instructions for GitHub Copilot into a GitHub issue. Discovered by security firm Orca Security, this passive prompt injection attack required no direct user interaction to trigger. When a developer launched a Codespace from a compromised issue, Copilot would automatically process the hidden, malicious prompts and could be instructed to exfiltrate sensitive data like the GITHUB_TOKEN. These incidents are part of a larger trend of attacks on the software supply chain. In one campaign, over 500 npm packages were compromised by a self-propagating worm that harvested and publicly exposed secrets. Another attack saw a malicious npm package imitating Ember.js get downloaded nearly 50,000 times, leading to full system compromise for those who installed it.