Bottom line: A compromised Nx Console extension (v18.95.0) with over 2.2 million installations was used to distribute a credential stealer that exfiltrates developer secrets and can publish signed, legitimate-looking npm packages. Developers should immediately update to version 18.100.0 or later.
Cybersecurity researchers have uncovered a compromised version of the Nx Console extension published on the Visual Studio Code Marketplace. The affected extension, nrwl.angular-console (version 18.95.0), had over 2.2 million installations and was leveraged to distribute a multi-stage credential stealer.
Security researchers at StepSecurity have identified a compromised version of the popular Nx Console extension for VS Code, Cursor, and JetBrains. Shortly after developers opened a workspace, the manipulated extension silently downloaded and executed a 498 KB obfuscated malware payload from a hidden commit in the official nrwl/nx GitHub repository.
The malicious software functions as a multi-stage credential stealer and supply chain poisoning tool. It collects developer secrets and exfiltrates them via HTTPS, the GitHub API, and DNS tunneling. On macOS systems, it additionally installs a Python backdoor that abuses the GitHub search API as a dead-drop resolver for commands.
The extension developers traced the compromise to a developer’s machine that was hacked, with GitHub credentials exposed in a prior security incident. Using these stolen credentials, an unsigned, orphaned commit containing the malware was pushed to the nrwl/nx repository.
The malware payload installs the Bun JavaScript runtime and executes an obfuscated “index.js”. The malware runs as a background process and steals secrets from 1Password vaults, Anthropic Claude Code configurations, as well as npm, GitHub, and AWS credentials.
Particularly critical: the payload contains full Sigstore integration with Fulcio certificate issuance and SLSA provenance generation. With stolen npm OIDC tokens, an attacker could publish downstream npm packages with cryptographically signed provenance claims and pass them off as legitimate, verified builds.
The Nx team confirmed that some users were compromised. Version 18.95.0 was active between May 18, 2026, 14:36 and 14:47 CEST. Users should update to version 18.100.0 or later and check for suspicious files such as ~/.local/share/kitty/cat.py or ~/Library/LaunchAgents/com.user.kitty-monitor.plist.
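The check recommended above, as an added shell example that is not from the Nx team or StepSecurity: it looks for the two files named in the article and for an installed 18.95.0 copy of the extension. The extension directories (~/.vscode/extensions, ~/.cursor/extensions), the folder naming, and the extension ID nrwl.angular-console are assumptions not stated in the article; JetBrains installs are not covered.

```shell
#!/bin/sh
# Added example: triage a home directory for the indicators named in the article.
BAD_VERSION="18.95.0"      # compromised release (from the article)
FIXED_VERSION="18.100.0"   # minimum version the article recommends
EXT_ID="nrwl.angular-console"  # assumed Marketplace ID of Nx Console

# True if dotted numeric version $1 is lower than $2. Fields are compared as
# numbers, so 18.95.0 < 18.100.0 (a plain string comparison gets this wrong).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" |
         sort -t. -k1,1n -k2,2n -k3,3n | head -n1)" = "$1" ]
}

# Print one line per finding under the home directory $1.
# Returns 1 if a dropped file or the compromised version is present, else 0.
scan_home() {
    root="$1"; found=0
    # Files the article lists as signs of infection.
    for f in ".local/share/kitty/cat.py" \
             "Library/LaunchAgents/com.user.kitty-monitor.plist"; do
        if [ -e "$root/$f" ]; then
            echo "IOC_FILE $root/$f"; found=1
        fi
    done
    # Assumed default extension directories for VS Code and Cursor; folders
    # are named <publisher>.<name>-<version>[-<platform>].
    for extdir in "$root/.vscode/extensions" "$root/.cursor/extensions"; do
        [ -d "$extdir" ] || continue
        for d in "$extdir/$EXT_ID"-*; do
            [ -d "$d" ] || continue
            ver=${d##*/"$EXT_ID"-}
            ver=${ver%%-*}     # drop a platform suffix if present
            if [ "$ver" = "$BAD_VERSION" ]; then
                echo "BAD_EXTENSION $d"; found=1
            elif version_lt "$ver" "$FIXED_VERSION"; then
                echo "OUTDATED_EXTENSION $d (update to $FIXED_VERSION or later)"
            fi
        done
    done
    return "$found"
}

# Scan the given home directory, or the current user's by default.
scan_home "${1:-$HOME}" || echo "Indicators found: see lines above."
```

A clean result only means these specific artifacts are absent; the version was live for a short window, so an editor that auto-updated past 18.95.0 may no longer have the folder on disk.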