3,800 Internal GitHub Repositories Lost Due to Malicious Nx Console VS Code Extension
Published
Key Takeaways
- Massive Data Compromise: GitHub lost 3,800 internal repositories during a targeted security incident linked to the TanStack compromise and GitHub CLI.
- Malicious Update Vector: A poisoned Nx Console VS Code extension enabled unauthorized access to the company’s infrastructure.
- Supply-Chain Risk: The extension breach exposed sensitive developer credentials, introducing severe operational vulnerabilities.
A recent GitHub cybersecurity incident resulted in the loss of 3,800 internal repositories. The unauthorized network access was enabled through a poisoned developer utility – a malicious update to the Nx Console Visual Studio Code (VS Code) extension that fetched an obfuscated payload that harvested credentials from multiple sources on disk and in memory. GitHub identified the TanStack compromise and GitHub CLI as the attack vectors.
The update is part of an investigation into potential unauthorized access to its internal repositories following the TeamPCP threat actor's claim of breaching approximately 4,000 GitHub repositories related to the company's internal infrastructure.
Malicious Nx Console VS Code Extension
The compromised Nx Console extension, which has 2.2 million installs and a verified publisher badge, served as the primary vector for the intrusion, allowing attackers to bypass standard perimeter security controls and access GitHub's internal proprietary infrastructure. The same build also went out on OpenVSX.
“Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension,” GitHub has announced. “Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only.”
Version 18.95.0 of the Nx Console extension was uploaded to the Visual Studio Marketplace at 12:30 UTC on May 18, remaining exposed for about 18 minutes until Microsoft fully registered the takedown at 12:48 UTC.
Harvested data was exfiltrated via HTTPS, the GitHub API, and DNS, while on Linux, it also attempted sudoers injection for persistence. Impacted credentials include:
- Vault — ~/.vault-token, /etc/vault/token; Kubernetes and AWS IAM auth
- npm — .npmrc tokens and OIDC token exchange
- AWS — IMDS/ECS metadata, Secrets Manager, SSM, Web Identity tokens
- GitHub — ghp_/gho_/ghs_ tokens, Actions secrets, process memory
- 1Password — op CLI vault contents, if an op session was active
- Filesystem — private keys, connection strings, GCP/Docker credentials
Supply Chain Risk
Following the deployment of the poisoned Nx Console update, the company said it removed the malicious extension version, isolated the endpoint, and immediately began incident response. GitHub said it rotated critical secrets, prioritizing the highest-impact credentials.
“Auto-update gives an attacker who controls a release a direct push channel into every machine running that extension,” the Aikido researchers said. “Marketplaces don't impose any review gate or waiting period between when an update is published and when installed clients pull it in.”
Nx Console 18.100.0 is the latest version to update to. If you were affected or suspect you may have been affected:
- Update Nx Console to 18.100.0 or later. It is important that the malicious version is not running anymore as it will start the rest of the process.
- Kill any __DAEMONIZED and cat.py processes. It is important to kill these processes as they actively try to exfiltrate credentials.
- Delete the persistence artifacts listed above. On macOS, the LaunchAgent must be unloaded before it is deleted, or it stays active in launchd: launchctl unload ~/Library/LaunchAgents/com.user.kitty-monitor.plist.
- Rotate every credential reachable from the machine — tokens, secrets, and SSH keys — and audit access logs for the affected accounts.
Recently, Grafana Labs announced a GitHub breach following Coinbase Cartel intrusion claims. Last week, TeamPCP claimed a Mistral AI breach around the same time the company announced it was impacted by the TanStack supply chain attack.
In March, researchers at Socket analyzed a GitHub phishing campaign using fake VS Code alerts to urge developers to patch fabricated CVEs. In October 2025, malicious VS Code extensions delivered TigerJack malware, infecting over 17,000 developers.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Monday.
Most Popular