NX compromised: supply chain attack via IDE extension, again

Jehuty64 | 2 pts | 0 comments

Nx Console VS Code Extension Compromised - StepSecurity


Nx Console VS Code Extension Compromised

Version 18.95.0 of the popular Nx Console extension (2.2M+ installs) was published with malicious code targeting developer credentials, cloud infrastructure tokens, and CI/CD secrets. Here's what we know so far.

Ashish Kurmi

May 18, 2026


This is a developing story. We will update this post with additional findings and detailed payload analysis as our investigation continues.

Summary

On May 18, 2026, we identified that Nx Console (nrwl.angular-console), a popular VS Code extension with over 2.2 million installations, was compromised. Version 18.95.0 published to the VS Code Marketplace contains malicious code that executes an obfuscated payload upon workspace activation. The prior version (18.94.0) and the remediation version (18.100.0) are not affected.

This is the second major supply chain attack against the Nx ecosystem in less than a year. In August 2025, the "s1ngularity" attack compromised the nx npm package and several plugins, exfiltrating developer credentials via a malicious postinstall script. See our prior analysis.

This is a developing situation. We are actively investigating and will update this post with additional technical details and indicators of compromise as our analysis progresses.

What Happened

Version 18.95.0 of the Nx Console VS Code extension was published to the VS Code Marketplace outside the project's normal CI/CD pipeline, likely using stolen publishing credentials (VSCE_PAT). The malicious version injects code into the extension's main.js that runs npx -y github:nrwl/nx#558b09d7... on every workspace activation. This references a dangling orphan commit on the nrwl/nx GitHub repository containing a ~498 KB obfuscated JavaScript payload.

Key observations:

- Version 18.95.0 does not have a corresponding GitHub release — it was published directly to the marketplace, bypassing CI/CD.
- The malicious commit on nrwl/nx is unsigned, has no parent commits (orphan), and is not reachable from any branch.
- The commit is attributed to a developer account that is no longer a public member of the nrwl GitHub organization. All recent legitimate commits from this account are GPG-signed; the malicious commit is not.
- The commit message reads "Don't delete this commit before 24 hours or wiper activates" — social engineering intended to delay incident response.
- Open VSX was not affected — the malicious version was only published to the VS Code Marketplace.

Payload Capabilities

Our static analysis of the obfuscated payload reveals a sophisticated, multi-stage credential stealer and exfiltration tool. Key capabilities include:

- Credential theft targeting GitHub, NPM, AWS, HashiCorp Vault, Kubernetes, 1Password, SSH keys, and database connection strings
- Three exfiltration channels: HTTPS to a C2 server on port 443, GitHub API-based exfiltration, and DNS tunneling
- Sigstore attestation forgery: ability to steal OIDC tokens and forge SLSA provenance to publish maliciously-signed npm packages
- Persistence mechanisms: macOS LaunchAgent (com.user.kitty-monitor.plist), Python backdoor (cat.py), and Bun-based scripts
- CI/CD targeting: GitHub Actions runner memory scraping and privilege escalation via sudoers manipulation
- Anti-analysis features: geolocation filtering, self-daemonization, and multi-layer obfuscation (obfuscator.io + PBKDF2-encrypted strings)

This is notably the second major supply chain attack against the Nx ecosystem in less than a year. The first occurred in August 2025 (GHSA-cxm3-wv7p-598c), targeting npm packages directly.

Who Is Affected

You may be affected if:

- You use VS Code, Cursor, or any VS Code-based editor with the Nx Console extension installed
- Your extension auto-updated to version 18.95.0 on May 18, 2026
- You opened any workspace after the update was applied

What You Should Do

- Check your extension version: Run code --list-extensions --show-versions | grep angular-console. If you see version 18.95.0, you are affected.
- Update immediately to version 18.100.0 or later.
- Check for persistence: Look for ~/.local/share/kitty/cat.py and ~/Library/LaunchAgents/com.user.kitty-monitor.plist on your system. Remove them if found.
- Rotate all credentials: GitHub tokens, NPM tokens, SSH keys, AWS credentials, cloud CLI credentials, HashiCorp Vault tokens, and any API keys accessible from your machine or CI/CD environment.
- Audit CI/CD environments: If you use GitHub Actions with Nx, review recent workflow runs for unexpected artifacts, commits, or secret access.
- Review npm packages: If you publish npm packages, check for unauthorized versions that may have been published using stolen tokens.

Indicators of Compromise

File Hashes...
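The first and third steps under "What You Should Do" (version check and persistence check) combined into one triage script, as an added example that is not from the StepSecurity post or the Nx project. It assumes the `code` CLI is on PATH and that `code --list-extensions --show-versions` prints one `publisher.extension@version` line per extension; the two persistence paths are exactly those named in the post.

```sh
#!/bin/sh
# Added triage helper (not from the original post): flags the compromised
# Nx Console 18.95.0 and the two persistence artifacts the post names.

# is_affected_version: reads "publisher.extension@version" lines on stdin
# (the output format of `code --list-extensions --show-versions`) and
# returns 0 only if the exact compromised version is installed.
is_affected_version() {
    grep -qxF 'nrwl.angular-console@18.95.0'
}

# find_persistence: checks the home directory given as $1 for the
# cat.py backdoor and the kitty-monitor LaunchAgent from the post.
# Prints each artifact found; returns 0 if any was found, 1 otherwise.
find_persistence() {
    home="$1"
    found=1
    for p in "$home/.local/share/kitty/cat.py" \
             "$home/Library/LaunchAgents/com.user.kitty-monitor.plist"; do
        if [ -e "$p" ]; then
            echo "persistence artifact present: $p"
            found=0
        fi
    done
    return $found
}

# Live check of this machine; only runs the version check when `code` exists.
main() {
    if command -v code >/dev/null 2>&1; then
        if code --list-extensions --show-versions | is_affected_version; then
            echo "AFFECTED: Nx Console 18.95.0 installed; update to 18.100.0+ and rotate credentials"
        else
            echo "Nx Console 18.95.0 is not installed"
        fi
    fi
    find_persistence "$HOME" || echo "no persistence artifacts found in $HOME"
}

main "$@"
```

Cursor and other VS Code forks ship their own CLI name; point the pipeline at that binary instead of `code` if that is the editor you use.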
