Microsoft has attributed a supply chain attack on Mastra — an open-source TypeScript framework for building AI applications — to North Korean state actor Sapphire Sleet, also tracked as APT38 and BlueNoroff. The attribution, made June 19 with "high confidence," came after attackers compromised a npm maintainer account and poisoned over 140 packages with malicious code.
The malware targeted cryptocurrency wallets from 166 browser extensions, including MetaMask and Coinbase Wallet, while also stealing browser history and system data. It ran on Windows, macOS, and Linux. Developers should check for easy-day-js dependencies and note that Mastra versions 1.13.0 and earlier are unaffected.
Source: Infosecurity Magazine