Cybersecurity researchers have flagged a compromised version of the Nx Console extension published to the Microsoft Visual Studio Code (VS Code) Marketplace. The extension in question is nrwl.angular-console (version 18.95.0), a popular user interface and plugin for code editors such as VS Code, Cursor, and the JetBrains IDEs. The VS Code extension has more than 2.2 million installations. The Open
# Incident Report: Compromised Nx Console VS Code Extension
## Executive Summary
A popular VS Code extension, Nx Console (version 18.95.0, more than 2.2 million installs), was compromised via a developer's stolen GitHub credentials. The attackers injected a multi-stage credential stealer that harvested secrets from developer environments, including AWS, npm, GitHub, 1Password and Claude Code credentials, and exfiltrated them. The incident was contained by revoking the compromised credentials, pulling the malicious version, and releasing a clean version 18.100.0.
## Incident Details
- **Discovery Date:** May 19, 2026 (Publicly reported)
- **Incident Date:** May 18, 2026, 14:36 to 14:47 CEST (an eleven-minute window)
- **Affected Organization:** Nx (nrwl)
- **Sector:** Software Development / DevOps Tools
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** May 18, 2026, 14:36 CEST
- **Vector:** Credential Theft / Account Takeover
- **Details:** Attackers compromised a developer's machine and obtained their GitHub credentials, then used those credentials to bypass the repository's existing controls and push an orphaned, unsigned commit to the official repository. Because the commit belonged to no branch, it did not show up in normal branch activity.
### Lateral Movement
- **Mechanism:** The malware targeted developer workstations rather than the internal corporate network. It executed silently whenever VS Code opened a workspace with the compromised extension version installed.
### Data Exfiltration/Impact
- **Details:** The malware harvested 1Password vault contents, Anthropic Claude Code configuration, and environment-specific tokens for npm, GitHub, and AWS, and exfiltrated them over HTTPS, through the GitHub API, and via DNS tunneling.
### Detection & Response
- **Discovery:** Flagged by cybersecurity researchers at StepSecurity.
- **Response Actions:** Developer credentials revoked; malicious version pulled from the Marketplace; clean Nx Console version 18.100.0 released.
## Attack Methodology
- **Initial Access:** Stolen GitHub credentials from a developer's compromised machine.
- **Persistence:** On macOS, the malware installed a Python-based backdoor (`cat.py`) and a LaunchAgent (`com.user.kitty-monitor.plist`) so that launchd relaunches the backdoor.
- **Privilege Escalation:** Not reported. The payload ran with the developer's own privileges, which were sufficient to reach the targeted credentials in the user's environment.
- **Defense Evasion:** Use of obfuscated JavaScript payloads, detached background processes, and "dangling orphan commits" in GitHub to hide the malicious code. It also verified system time zones to avoid infecting CIS/Russian regions.
- **Credential Access:** Targeted 1Password, Anthropic Claude Code, npm, GitHub, and AWS secrets.
- **Discovery:** Scanned for development environment configurations.
- **Lateral Movement:** Attempted to extend the compromise along the supply chain: stolen npm OIDC tokens could be used to publish malicious versions of downstream packages.
- **Collection:** Automated harvesting of local secret files and memory-resident tokens.
- **Exfiltration:** HTTPS, GitHub API, and DNS tunneling.
- **Impact:** Compromise of developer environments and potential for wider supply chain poisoning (Sigstore/SLSA poisoning).
## Impact Assessment
- **Financial:** Undisclosed; affected users and organizations bear the secondary cost of rotating every credential the malware could have reached.
- **Data Breach:** High-value developer secrets and cloud infrastructure tokens.
- **Operational:** Disruption for developers requiring immediate updates and secret rotation.
- **Reputational:** Significant, as this is the second supply chain attack against the Nx ecosystem within a year.
## Indicators of Compromise
- **Files:**
  - `~/.local/share/kitty/cat.py`
  - `~/Library/LaunchAgents/com.user.kitty-monitor.plist`
  - `/var/tmp/.gh_update_state`
  - `/tmp/kitty-*`
- **Behavioral:**
  - A python process running `cat.py`.
  - A process with `__DAEMONIZED=1` in its environment variables (consistent with the detached background process described above).
  - Unexpected DNS traffic to unusual domains (DNS tunneling).
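A host sweep for the indicators above, added here as an example script; it is not code from Nx, StepSecurity or the report. It hard-codes only the paths and behaviours listed, and makes two assumptions so that it can be exercised offline: the home and system roots are passed as arguments rather than read from the live filesystem, and the process and `launchctl` listings are fed in on stdin.

```shell
#!/bin/sh
# Added example: sweep a workstation for the Nx Console 18.95.0 indicators.
# Not from Nx, StepSecurity or the report. Assumptions: HOME/SYSROOT are
# arguments (so a test tree can be scanned) and listings arrive on stdin.

# scan_ioc_files HOME [SYSROOT]
# Prints "FILE  <path>" for every file indicator that exists. HOME stands in
# for $HOME; SYSROOT (default empty, i.e. "/") prefixes /var/tmp and /tmp.
scan_ioc_files() {
  _home="$1"; _sys="${2:-}"
  for p in \
    "$_home/.local/share/kitty/cat.py" \
    "$_home/Library/LaunchAgents/com.user.kitty-monitor.plist" \
    "$_sys/var/tmp/.gh_update_state"
  do
    [ -e "$p" ] && printf 'FILE  %s\n' "$p"
  done
  # /tmp/kitty-* is a glob; an unmatched pattern is skipped by the -e test.
  for p in "$_sys"/tmp/kitty-*; do
    [ -e "$p" ] && printf 'FILE  %s\n' "$p"
  done
  return 0
}

# scan_process_listing
# Reads one process per line with its environment appended (Linux/procps:
# `ps axeww`; on macOS the environment flag is -E, see `man ps`) and prints
# "PROC  <line>" for a python interpreter running cat.py or for the
# __DAEMONIZED=1 marker in the environment.
scan_process_listing() {
  while IFS= read -r line; do
    case "$line" in
      *python*cat.py*|*__DAEMONIZED=1*) printf 'PROC  %s\n' "$line" ;;
    esac
  done
  return 0
}

# scan_launchctl_listing
# Reads `launchctl list` output and prints "AGENT <line>" when the malicious
# label is loaded; this catches a running agent even after its plist is gone.
scan_launchctl_listing() {
  while IFS= read -r line; do
    case "$line" in
      *com.user.kitty-monitor*) printf 'AGENT %s\n' "$line" ;;
    esac
  done
  return 0
}

# ioc_sweep: run all three checks on the live host. Exit status 1 when any
# indicator is present so the script can gate a fleet or CI job.
ioc_sweep() {
  found=$(
    scan_ioc_files "${HOME:?}"
    ps axeww 2>/dev/null | scan_process_listing
    if command -v launchctl >/dev/null 2>&1; then
      launchctl list 2>/dev/null | scan_launchctl_listing
    fi
  )
  if [ -n "$found" ]; then
    printf '%s\n' "$found"
    return 1
  fi
  echo "no Nx Console 18.95.0 indicators found"
  return 0
}
```

Source the file and run `ioc_sweep` on each workstation; any output (and the non-zero exit) means the host needs the eradication steps below. The sweep only matches the artifacts named in the report, so a clean result does not prove the absence of compromise: credential rotation still applies to every host that had 18.95.0 installed.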
## Response Actions
- **Containment:** Version 18.95.0 was superseded and removed from circulation.
- **Eradication:** Affected users advised to terminate malicious processes and delete the file artifacts listed above.
- **Recovery:** All users must update to version 18.100.0 or later and rotate every credential the malware could have reached: SSH keys, npm, GitHub and AWS tokens, and any secrets stored in 1Password.
## Lessons Learned
- **Credential Protection:** Developer machines remain the "Patient Zero" for high-impact supply chain attacks.
- **Commit Integrity:** The orphaned commit exposes a monitoring gap: reviews and alerts that watch only branch activity miss commits pushed outside any branch, and an unsigned commit was accepted by the repository without being blocked.
- **Verification:** Even popular extensions (2M+ installs) can be leveraged as delivery vehicles for malware.
## Recommendations
- **MFA & Hardware Keys:** Enforce hardware-based MFA for all developer GitHub and npm accounts.
- **Secret Management:** Use short-lived, dynamically generated credentials where possible to minimize the impact of a leak.
- **Monitoring:** Implement monitoring for unauthorized LaunchAgents and suspicious background processes on developer macOS workstations.
- **Validation:** Use tools that check VS Code extension integrity and monitor for unauthorized changes in supply chain dependencies.
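A baseline check for the monitoring recommendation above, added as an example and not code from Nx or the report: record the per-user LaunchAgents on a known-clean machine, then flag any plist that is new, modified or removed. The `sha256  filename` baseline format, the directory argument, and the sample plists used to exercise it are assumptions.

```shell
#!/bin/sh
# Added example (not from Nx or the report): detect new, changed or removed
# per-user LaunchAgents by diffing ~/Library/LaunchAgents against a baseline.
# Assumptions: the baseline is a text file of "sha256  filename" lines and
# the directory is an argument so the check can run against a test tree.

# _sha256 FILE: print the SHA-256 of FILE using whichever tool the host has
# (sha256sum on Linux, shasum on macOS).
_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | cut -d' ' -f1
  else
    shasum -a 256 "$1" | cut -d' ' -f1
  fi
}

# snapshot_launchagents DIR: emit a baseline line for every *.plist in DIR.
# Run on a known-clean machine and store the output where the endpoint
# itself cannot rewrite it.
snapshot_launchagents() {
  for plist in "$1"/*.plist; do
    [ -e "$plist" ] || continue
    printf '%s  %s\n' "$(_sha256 "$plist")" "$(basename "$plist")"
  done
  return 0
}

# audit_launchagents DIR BASELINE: print "NEW      <path>" for plists absent
# from the baseline, "CHANGED  <path>" when a known plist's hash differs, and
# "REMOVED  <path>" for baseline entries no longer present. Prints nothing
# when DIR matches the baseline exactly.
audit_launchagents() {
  dir="$1"; baseline="$2"
  for plist in "$dir"/*.plist; do
    [ -e "$plist" ] || continue
    name=$(basename "$plist")
    known=$(awk -v n="$name" '$2 == n { print $1; exit }' "$baseline" 2>/dev/null)
    if [ -z "$known" ]; then
      printf 'NEW      %s\n' "$plist"
    elif [ "$known" != "$(_sha256 "$plist")" ]; then
      printf 'CHANGED  %s\n' "$plist"
    fi
  done
  if [ -r "$baseline" ]; then
    while read -r sum name; do
      [ -z "$name" ] && continue
      [ -e "$dir/$name" ] || printf 'REMOVED  %s\n' "$dir/$name"
    done < "$baseline"
  fi
  return 0
}
```

On a fleet, `snapshot_launchagents "$HOME/Library/LaunchAgents"` taken at enrolment gives the baseline, and a periodic `audit_launchagents` run that prints anything is an alert; a `NEW` line for an unfamiliar label such as `com.user.kitty-monitor` is exactly the persistence this incident used. Hash comparison also catches a legitimate agent whose plist was rewritten to point at a different program.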