A new supply chain attack targeting the Node Package Manager (npm) ecosystem is stealing developer credentials and attempting to spread through packages published from compromised accounts.
The threat was spotted by researchers at application security companies Socket and StepSecurity in multiple packages from Namastex Labs, a company that provides AI-based agentic solutions designed to improve profitability.
Socket noted that the techniques used for credential theft, data exfiltration, and self-propagation were similar to those seen in TeamPCP's CanisterWorm attacks, but the available evidence did not support confident attribution.
At publishing time, Socket lists a set of 16 Namastex packages already compromised in the new supply-chain attack:
@automagik/genie (4.260421.33-4.260421.39)
pgserve (1.1.11–1.1.13)
@fairwords/websocket (1.0.38-1.0.39)
@fairwords/loopback-connector-es (1.4.3-1.4.4)
@openwebconcept/[email protected]
@openwebconcept/[email protected]
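One practical response to a list like the one above is to scan a project's package-lock.json for the affected versions. The following is an added example, not code from the article, Socket or StepSecurity; it assumes a lockfileVersion 2/3 file and only encodes the four packages whose version ranges are quoted above, so the table must be extended from Socket's full advisory to cover all 16.

```python
"""Scan a package-lock.json for the compromised Namastex package versions."""
import json
from typing import Dict, List, Tuple

# Inclusive version ranges quoted in the article above; extend from the full advisory.
AFFECTED: Dict[str, Tuple[str, str]] = {
    "@automagik/genie": ("4.260421.33", "4.260421.39"),
    "pgserve": ("1.1.11", "1.1.13"),
    "@fairwords/websocket": ("1.0.38", "1.0.39"),
    "@fairwords/loopback-connector-es": ("1.4.3", "1.4.4"),
}

def parse_version(v: str) -> Tuple[int, ...]:
    """Numeric tuple for an x.y.z version; pre-release/build suffixes are dropped."""
    core = v.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(p) for p in core.split("."))

def installed_packages(lock: dict) -> List[Tuple[str, str]]:
    """(name, version) pairs from the 'packages' map, including nested node_modules."""
    found = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the empty key is the root project itself
            continue
        name = path.rsplit("node_modules/", 1)[-1]
        if "version" in meta:
            found.append((name, meta["version"]))
    return found

def find_compromised(lock: dict) -> List[Tuple[str, str]]:
    """Installed (name, version) pairs that fall inside an affected range."""
    hits = []
    for name, version in installed_packages(lock):
        rng = AFFECTED.get(name)
        if rng and parse_version(rng[0]) <= parse_version(version) <= parse_version(rng[1]):
            hits.append((name, version))
    return hits

def check_lockfile(path: str) -> List[Tuple[str, str]]:
    """Load a package-lock.json from disk and report affected packages."""
    with open(path, encoding="utf-8") as fh:
        return find_compromised(json.load(fh))

# Constructed sample lockfile: two affected versions (one nested), one safe older version.
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo", "version": "1.0.0"},
        "node_modules/pgserve": {"version": "1.1.12"},
        "node_modules/@fairwords/websocket": {"version": "1.0.37"},
        "node_modules/express/node_modules/@automagik/genie": {"version": "4.260421.35"},
    },
}

if __name__ == "__main__":
    for name, version in find_compromised(SAMPLE_LOCK):
        print(f"compromised version installed: {name}@{version}")
```

A match only shows that an affected version is resolved in the lockfile; rotating any npm tokens and CI secrets that the project's build environment had access to is the appropriate follow-up.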