If you’re a developer I recommend the stepsecurity article, a detailed breakdown of the attack. Some highlights about the nx-console attack:

• the malicious version of the extension was only up for 11 minutes before getting detected and taken down, but apparently that was enough to compromise a developer at Github
• portions of the malware were hosted on nx-console’s public Github repo, though hidden in a dangling orphaned commit
• data was exfiltrated through 3 channels, including using a victim’s Github credentials to publish the data on their own repos
• the malware looked for credentials like Github and AWS tokens, likely for future supply chain attacks, and may be the first to steal AI credentials (in this case Claude API)

From the bleepingcomputer article:

“As always this is not a ransom, We do not care about extorting Github, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free,” the cybercriminals said. “If you are interested. Send your offers to the communications below, we are not interested in under 50k, the best offer will get it”

The stealing of AI credentials reminds me of a lemmy post from last year: the first ai agent worm. Imagine a virus that uses AI agents to dynamically probe systems and evolve to spread through infrastructure, meanwhile stealing AI credentials to pay for the tokens that the agents are consuming, a self-funding AI virus!

roughly 3,800 internal repositories

I suppose that part of the moral here is to compartmentalize information internal to a company. Like, if you’re not on the team working on X, then you probably shouldn’t have repository access to X.