### Attack Details The attack, discovered in multiple packages from **Namastex Labs**, leverages techniques for credential theft, data exfiltration, and self-propagation. While similarities exist with **TeamPCP**’s CanisterWorm attacks, definitive attribution remains unconfirmed. **Socket** has identified 16 compromised **Namastex** packages, including: * @automagik/genie (4.260421.33-4.260421.39) * pgserve (1.1.11–1.1.13) * @fairwords/websocket (1.0.38-1.0.39) * @fairwords/loopback-connector-es (1.4.3-1.4.4) * @openwebconcept/[email protected] * @openwebconcept/[email protected] These packages, utilized in AI agent tooling and database operations, suggest a focus on high-value targets. The worm-like nature of the attack allows for rapid spread under the right conditions. ### Data Exfiltration and Self-Propagation The malicious code aims to collect sensitive data, including tokens, API keys, SSH keys, credentials for cloud services, CI/CD systems, registries, LLM platforms, and Kubernetes/Docker configurations. It also targets sensitive data stored in **Chrome** and **Firefox**, including cryptocurrency wallets like **MetaMask**, **Exodus**, **Atomic Wallet**, and **Phantom**. **StepSecurity** describes the malware as a "supply-chain worm" capable of identifying npm publish tokens and injecting itself into other packages the compromised token can publish, furthering the breach. Malicious versions of `pgserve` were initially published on April 21st. If publish tokens are found, the script identifies publishable packages, injects the payload, and republishes them with incremented version numbers, creating a recursive spread. If **PyPI** credentials are found, a similar method is applied to Python packages via a `.pth`-based payload, making this a multi-ecosystem threat. ### Mitigation Developers should immediately treat all listed package versions as malicious, removing them from systems and CI/CD pipelines, and rotating all potentially exposed secrets. Both **Socket** and **StepSecurity** provide indicators of compromise (IOCs) to aid in identifying compromised environments. Recommended actions include: * Removing affected packages from development and CI/CD systems. * Rotating all credentials and secret data. * Searching for internal package mirrors, artifacts, and caches. **Socket** also advises auditing for related packages sharing the same `public.pem` file, webhook host, or `postinstall` pattern.