How the Nx Console VS Code Extension Was Used to Steal Dev Credentials


CyberSecureFox Editorial Team

The popular Nx Console extension for Visual Studio Code (version 18.95.0) was compromised and used to deliver multi-stage malware that steals developer credentials. The extension, which has more than 2.2 million installs, was distributed via the official VS Code Marketplace. According to the official security advisory from the Nx team, the incident was caused by the compromise of one of the developers’ workstations, which led to the leak of their GitHub credentials. The Open VSX version of the extension is not affected. All users must immediately update to version 18.100.0 or later and rotate every secret accessible from the infected machine.

Attack mechanism

The stolen credentials were used to inject a malicious orphan commit (a commit not attached to any of the repository's main branches) into the official nrwl/nx repository on GitHub. The commit was not signed, which is an important indicator of compromise. According to StepSecurity researchers, whenever any workspace was opened in VS Code, the compromised extension would, within a few seconds, download and execute an obfuscated 498 KB payload hidden in this orphan commit.

The malware reportedly installed the Bun JavaScript runtime to launch an obfuscated index.js file, which acted as a multi-stage tool for credential theft and supply chain poisoning. StepSecurity researchers describe the following data exfiltration channels: HTTPS, GitHub API and DNS tunneling. On macOS systems, the researchers report that an additional Python backdoor was installed that uses the GitHub Search API as a command retrieval mechanism (dead drop resolver).

Targeted secrets and malware capabilities

According to StepSecurity, the malware specifically extracted secrets from:

  • 1Password vaults
  • Anthropic Claude Code configurations
  • npm, GitHub and AWS tokens and secrets

Of particular note is the researchers’ claim that the malware integrated with Sigstore, including issuing Fulcio certificates and generating SLSA provenance. If this information is confirmed, then combined with stolen npm OIDC tokens an attacker could potentially publish malicious npm packages with valid cryptographic signatures that would appear to be legitimate verified builds. It is important to stress that this is an assessment of potential impact from a single research source — no confirmed cases of such package publication have been identified at this time.

A telling detail: the malware checked the system time zone and apparently avoided infecting machines in Russian and CIS time zones — a typical pattern seen in operations by Eastern European groups, although no specific attribution has been established in this case.

Compromise window and indicators of infection

According to the official advisory, the exposure window was extremely narrow: 18 May 2026 from 14:36 to 14:47 CEST (only 11 minutes). Nevertheless, the Nx team has confirmed that several users were compromised during this period.

Indicators of compromise (IoCs) — files on disk:

  • ~/.local/share/kitty/cat.py
  • ~/Library/LaunchAgents/com.user.kitty-monitor.plist
  • /var/tmp/.gh_update_state
  • /tmp/kitty-*

Suspicious processes:

  • A Python process executing cat.py
  • Any process with the environment variable __DAEMONIZED=1

Context: repeated attack on the Nx ecosystem

This is already the second incident involving the Nx ecosystem in less than a year. In August 2025, according to StepSecurity, several npm packages related to Nx were infected with credential-stealing malware as part of a campaign dubbed s1ngularity. Whereas the previous attack targeted npm packages, the current one has shifted the vector to a VS Code extension — a more direct pathway into the developer’s working environment.

The incident comes amid a large wave of attacks on the npm ecosystem. At the same time, researchers have observed malicious packages targeting Claude Code sessions, theft of cryptocurrency wallets, takeover of Telegram accounts, as well as a coordinated campaign of 38 packages exploiting dependency confusion to attack the CI/CD pipelines of major technology companies.

Response recommendations

For all Nx Console users in VS Code:

  1. Immediately update the extension to version 18.100.0 or later
  2. Check your workstation for the IoC files and processes listed above
  3. If you find indicators, terminate the malicious processes and remove the artifacts from disk
  4. Perform a full rotation of all credentials accessible from the affected machine: npm, GitHub, AWS tokens, SSH keys, secrets from password managers
  5. Review GitHub and npm audit logs for any unauthorized activity during the exposure window
  6. Consider implementing policies that restrict automatic updating of VS Code extensions in corporate environments
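A small host check for step 2, covering the file IoCs and the two process indicators listed above. This is an added example written for this page, not tooling from the Nx team or StepSecurity; the /proc reader works on Linux only, and on macOS `suspicious_processes()` would need to be fed from ps output instead.

```python
import glob
import os

# IoC file locations as listed in the advisory quoted on this page
IOC_FILE_PATTERNS = [
    "~/.local/share/kitty/cat.py",
    "~/Library/LaunchAgents/com.user.kitty-monitor.plist",
    "/var/tmp/.gh_update_state",
    "/tmp/kitty-*",
]


def find_ioc_files(patterns=IOC_FILE_PATTERNS, home=None, root="/"):
    """Return every IoC path that exists; home/root can point at a test tree."""
    home = os.path.expanduser("~") if home is None else home
    hits = []
    for pattern in patterns:
        if pattern.startswith("~/"):
            expanded = os.path.join(home, pattern[2:])
        else:
            expanded = os.path.join(root, pattern.lstrip("/"))
        # glob expands /tmp/kitty-* and returns literal paths only if present
        hits.extend(sorted(glob.glob(expanded)))
    return hits


def suspicious_processes(processes):
    """Flag PIDs running cat.py under a Python interpreter or carrying
    __DAEMONIZED=1. `processes` yields (pid, argv_list, environ_dict)."""
    flagged = []
    for pid, argv, environ in processes:
        interp = os.path.basename(argv[0]) if argv else ""
        runs_cat_py = interp.startswith("python") and any(
            os.path.basename(a) == "cat.py" for a in argv[1:])
        if runs_cat_py or environ.get("__DAEMONIZED") == "1":
            flagged.append(pid)
    return flagged


def linux_processes():
    """Yield (pid, argv, environ) from /proc; environ of other users'
    processes is readable only as root, so run the scan with privileges."""
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/cmdline", "rb") as f:
                argv = f.read().decode(errors="replace").split("\0")[:-1]
            with open(f"/proc/{pid}/environ", "rb") as f:
                items = f.read().decode(errors="replace").split("\0")
        except OSError:  # process exited, or not permitted
            continue
        env = dict(kv.split("=", 1) for kv in items if "=" in kv)
        yield int(pid), argv, env
```

Run `find_ioc_files()` and `suspicious_processes(linux_processes())` together; any non-empty result should be treated as a hit and followed by the credential rotation in step 4.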

This incident demonstrates that IDE extensions are becoming a full-fledged supply chain attack vector, comparable in danger to the compromise of npm packages. A developer’s credentials with rights to publish to a marketplace are a critical asset that must be protected at the level of privileged access: hardware keys for MFA, limiting publish permissions, mandatory commit signing and monitoring for orphan commits in repositories.


