top of page
Buscar

The Code That Infects Itself

  • Foto del escritor: Javier Conejo del Cerro
    Javier Conejo del Cerro
  • hace 14 minutos
  • 3 Min. de lectura

What appears to be a routine package installation can, in reality, become the starting point of a large-scale compromise. This campaign demonstrates how attackers are no longer just targeting applications or users, but the very processes developers rely on to build and deploy software. By embedding malicious logic into trusted npm packages within the SAP ecosystem, the attackers transform a simple install command into a full credential harvesting operation.

More importantly, this is not just a one-time breach. The attack introduces a self-propagating mechanism that leverages developer workflows, CI/CD pipelines, and repository integrations to spread autonomously. Trust in widely used platforms such as GitHub and npm is no longer just an advantage for productivity—it has become a powerful weapon for threat actors.


Phase 1: Trusted Code, Hidden Hook 


The attack begins inside the software supply chain—specifically, npm packages tied to SAP development environments. Compromised versions introduce a malicious preinstall hook, an unexpected behavior that executes during package installation.

Instead of delivering functionality, this hook silently downloads a Bun runtime from GitHub, extracts it, and executes it immediately. By embedding itself into a legitimate installation flow, the malware bypasses traditional detection and leverages trust in widely used development tools.


Phase 2: Execution at Install Time 


Once triggered, the loader (“setup.mjs”) acts as a bootstrapper for the next stage. It executes a credential-stealing payload entirely within the developer’s environment—local machines or CI/CD pipelines.

The use of PowerShell with execution bypass, along with unvalidated HTTP redirects, further reduces friction, ensuring the payload runs regardless of system protections.


Phase 3: Credential Harvesting 


The payload aggressively collects sensitive data across multiple layers:

  • GitHub and npm tokens

  • GitHub Actions secrets

  • Cloud credentials (AWS, Azure, GCP, Kubernetes)

  • Browser-stored passwords (Chrome, Edge, Safari, Brave)

All stolen data is encrypted using AES-256-GCM with an RSA-4096 key, ensuring only the attacker can decrypt it. Exfiltration is performed through GitHub repositories created within the victim’s own account—masking malicious activity as legitimate developer behavior.


Phase 4: Self-Propagation Engine 


What makes this campaign especially dangerous is its ability to spread autonomously. Using stolen tokens, the malware:

  • Injects malicious GitHub Actions workflows

  • Publishes poisoned npm packages

  • Infects additional repositories

It also embeds persistence mechanisms into developer tools:

  • .vscode/tasks.json (executes on folder open)

  • .claude/settings.json (abuses AI coding hooks)

This marks one of the first known cases where AI coding environments are weaponized for malware propagation.


Phase 5: The Supply Chain Loop 


The infection cycle becomes self-sustaining. Every compromised developer environment can generate new malicious packages, extending the attack across ecosystems without direct attacker intervention.

The abuse of GitHub as both infrastructure and exfiltration channel makes detection extremely difficult—traffic appears legitimate, and blocking GitHub is not viable for most organizations.


Measures to Fend Off 


  • Pin and verify dependency versions (avoid automatic upgrades)

  • Audit package installation scripts (preinstall/postinstall hooks)

  • Restrict CI/CD permissions and token scopes

  • Rotate all exposed credentials immediately

  • Monitor GitHub Actions for unauthorized changes

  • Enforce least privilege across cloud and repo access

  • Validate OIDC configurations and trusted publishing policies

  • Detect anomalous repository modifications or workflow injections


Conclusions


This campaign shows how supply chain attacks are evolving into scalable, self-propagating operations. By abusing developer tokens, CI/CD workflows, and trusted publishing mechanisms, attackers turn each compromised environment into a new distribution point.

The use of strong encryption and GitHub as an exfiltration channel makes detection difficult, as malicious activity blends with legitimate traffic. Additionally, persistence through developer tools like VS Code and AI environments extends the impact beyond the initial compromise.

Defending against these threats requires stronger control over dependencies, tighter access management, and continuous monitoring of development workflows. In this context, trust must always be verified.


The Hacker News


 
 
 

Comentarios

bottom of page