Cyberattacks

Hackers Use AI Tools Against Developers in Supply Chain Attack

Cybercriminals hijack Nx tool on npm, infecting AI assistants to steal sensitive data, marking the first AI-driven malware attack.

By Content Team

Aug 29, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals hijacked the popular Nx development tool on npm, infecting eight versions with malware that exploited AI coding assistants like Claude, Gemini, and Amazon Q. The attack, which lasted just over five hours on August 26, forced these AI tools to scan infected systems for GitHub tokens, SSH keys, cryptocurrency wallets, and other sensitive data.

The stolen information was automatically uploaded to public GitHub repositories under victims' own accounts using the naming pattern "s1ngularity-repository-" - eliminating the need for external servers. Thousands of developers were potentially exposed during the brief window.

A second wave followed, with attackers using stolen credentials to expose and duplicate private organizational repositories. This marks the first known case of malware weaponizing AI development tools for data theft.

Source: Infosecurity Magazine

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Hackers Compromise Popular JavaScript Library Axios, Potentially Affecting 600,000 Downloads

Mar 31, 2026

Hackers Compromise 700+ Next.js Servers Using React2Shell Exploit

Apr 3, 2026

US Charges 31 More in Massive ATM Hacking Scheme

Jan 28, 2026

Hims Telehealth Breach Exposes Highly Sensitive Patient Data

Apr 11, 2026