s1ngularity nx Build System Compromise

August 2025 compromise of the nx build system and @nx/js that stole credentials, SSH keys and wallet data from Linux and macOS developers and published the loot to attacker-created GitHub repositories.

discovered 2025-08-27

↓ JSON ↓ CSV

Objective

Steal developer credentials, SSH keys and crypto wallets at scale via a trusted build tool.

Packages

npmnxattributed-to
npm@nx/jsattributed-to

Techniques

ttpT1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Toolsuses
ttpT1059.007 Command and Scripting Interpreter: JavaScriptuses
ttpT1552.001 Unsecured Credentials: Credentials In Filesuses
ttpT1041 Exfiltration Over C2 Channeluses
ttpT1552.004 Unsecured Credentials: Private Keysuses
ttpT1528 Steal Application Access Tokenuses
ttpT1071.001 Application Layer Protocol: Web Protocolsuses
ttpT1102 Web Serviceuses
ttpT1546 Event Triggered Executionuses
ttpT1485 Data Destructionuses

Read the full analysis →