In a significant cybersecurity incident, the widely-used Nx build platform has been infiltrated by a sophisticated supply chain attack, compromising multiple package versions and leading to extensive credential theft among developers. This breach, identified as the s1ngularity attack, stands as one of the most comprehensive credential harvesting campaigns targeting the developer ecosystem in 2025.
Scope and Impact of the Attack
The attack affected Nx package versions ranging from 20.9.0 to 21.8.0, all available on the npm registry. Malicious actors injected credential-stealing malware into these packages, which, upon installation, systematically scanned developers’ environments to extract sensitive information. The compromised data includes GitHub personal access tokens, npm authentication keys, SSH private keys, AWS credentials, environment variable API keys, and cryptocurrency wallet files.
The malware employed advanced file system traversal techniques, targeting common configuration directories such as ~/.ssh/ and ~/.aws/, as well as various application-specific credential storage locations. To evade detection, the harvested credentials underwent a double-base64 encoding process before being exfiltrated. The encoded data was then uploaded to public GitHub repositories following a predictable naming convention: s1ngularity-repository-[random-string], each containing a single results.b64 file with the stolen information.
Innovative Targeting of AI Development Tools
A notable aspect of the s1ngularity attack was its focus on Large Language Model (LLM) client configurations. The malware specifically sought authentication tokens and configuration files for popular AI command-line interface (CLI) tools, including Claude, Gemini, and Q (Amazon’s AI assistant). This strategy indicates the attackers’ awareness that AI development tools often require elevated permissions and access to sensitive development environments.
The malware attempted to exploit LLM clients by crafting prompts designed to inventory system files and extract credential information. However, analysis revealed that many AI clients exhibited unexpected defensive behavior. Only 26% (95 out of 366 targeted systems) executed the malicious enumeration commands. Many LLM clients explicitly refused requests that appeared to be credential harvesting attempts, potentially serving as an unintentional but valuable security control in modern development environments.
Exfiltration and Persistence Mechanisms
The attack demonstrated remarkable reach across the developer ecosystem, with 85% of infected systems running macOS, highlighting the campaign’s particular impact on the Apple-dominant developer community. Of the compromised systems analyzed, 33% had at least one LLM client installed, validating the attackers’ strategy of targeting this emerging attack surface.
GitGuardian’s monitoring infrastructure provided unique visibility into the ephemeral exfiltration repositories, detecting 1,346 repositories containing the s1ngularity-repository string, despite GitHub listing only approximately ten active repositories at the time of analysis. This discrepancy indicates rapid repository deletion cycles and ongoing infections from developers continuing to use compromised package versions.
The analysis identified 2,349 distinct secrets across these repositories, with 1,079 repositories containing at least one leaked credential. Critically, approximately 50% of these credentials remained valid at the time of discovery, indicating significant delays in credential revocation processes.
Mitigation and Recommendations
Developers using any impacted versions should immediately run:
“`bash
npm audit
“`
or inspect lockfiles for vulnerable dependencies.
To mitigate the impact of this attack, developers are advised to:
– Search for unauthorized repositories.
– Delete any s1ngularity-repository found.
– Update Nx to a safe version (vulnerable versions have been removed from npm).
– Rotate all exposed secrets: GitHub tokens, npm credentials, SSH keys, environment variables.
– Remove malicious shutdown directives in shell startup files (e.g., .bashrc).
As the incident unfolds, organizations are urged to monitor repository creations and enforce strict post-installation auditing.
Conclusion
The s1ngularity attack underscores the evolving nature of supply chain threats, combining traditional credential theft with novel attack vectors targeting AI development tools and employing GitHub repositories as exfiltration infrastructure. This incident highlights the critical need for developers and organizations to implement robust security measures, maintain vigilance over their development environments, and promptly address vulnerabilities to safeguard sensitive information.
