Malicious actors compromised the Nx build system through a supply chain attack that used AI coding assistants (Claude, Gemini, and Amazon Q) to conduct reconnaissance and exfiltrate sensitive data from developer machines.
On August 26-27, 2025, attackers published eight malicious versions of the popular Nx build system and related packages to npm, affecting millions of weekly downloads. The attack began with a flawed GitHub Actions CI workflow contributed via a Pull Request on August 21, estimated to have been generated by Claude Code. A follow-up malicious commit on August 24 modified the CI workflow to exfiltrate the npm token to an attacker-controlled server. The malicious packages contained a postinstall script that weaponized local AI coding agents (Claude, Gemini, and Amazon Q) using dangerous flags like '--dangerously-skip-permissions', '--yolo', and '--trust-all-tools' to bypass guardrails. The AI agents were prompted to scan filesystems for sensitive files including SSH keys, environment files, cryptocurrency wallets, and other credentials, writing results to /tmp/inventory.txt. The malware also harvested GitHub and npm tokens, then created public GitHub repositories named 's1ngularity-repository-NNNN' to exfiltrate the stolen data. Over 1,000 user machines sent back information to the attackers. The malicious versions were live for approximately 5 hours and 20 minutes before removal. This represents one of the first documented cases of malware leveraging AI assistant CLIs for reconnaissance and data exfiltration.
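The indicators named above (the three agent flags, /tmp/inventory.txt, and the s1ngularity-repository name) can be turned into an audit of npm install hooks. This is an added example, not code from Nx or from the incident report. The package names, file names and sample contents are constructed, and the caller is assumed to supply each package's parsed package.json plus the contents of its files.

```javascript
// Added example (not from the incident report): audit npm install hooks for
// the indicators named in the write-up. The sample packages are constructed.
const AGENT_FLAGS = ["--dangerously-skip-permissions", "--yolo", "--trust-all-tools"];
const OTHER_INDICATORS = [
  { name: "inventory-file", re: /\/tmp\/inventory\.txt/ },
  { name: "exfil-repo-name", re: /s1ngularity-repository/ },
];
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];

// Return the names of all indicators present in a piece of text.
function scanText(text) {
  const hits = AGENT_FLAGS.filter((flag) => text.includes(flag));
  for (const { name, re } of OTHER_INDICATORS) if (re.test(text)) hits.push(name);
  return hits;
}

// pkg: parsed package.json. files: { relativePath: contents } for that package.
// Scans every install-time hook command and any local JS file the command runs.
function auditPackage(pkg, files = {}) {
  const findings = [];
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = (pkg.scripts || {})[hook];
    if (typeof cmd !== "string") continue;
    const sources = [[`scripts.${hook}`, cmd]];
    for (const m of cmd.matchAll(/(?:^|\s)(?:\.\/)?([\w./-]+\.[cm]?js)\b/g)) {
      if (m[1] in files) sources.push([m[1], files[m[1]]]);
    }
    for (const [where, text] of sources) {
      for (const indicator of scanText(text)) {
        findings.push({ package: `${pkg.name}@${pkg.version}`, hook, where, indicator });
      }
    }
  }
  return findings;
}

// Constructed samples: one package whose hook script carries the indicators,
// and one with an ordinary build step.
const SAMPLE_BAD_PKG = { name: "example-build-tool", version: "0.0.0",
  scripts: { postinstall: "node setup.js" } };
const SAMPLE_BAD_FILES = { "setup.js":
  'run("claude", ["--dangerously-skip-permissions"]);\n' +
  'run("gemini", ["--yolo"]);\n// results go to /tmp/inventory.txt' };
const SAMPLE_OK_PKG = { name: "example-addon", version: "1.2.3",
  scripts: { postinstall: "node build.js", test: "node test.js --yolo" } };
const SAMPLE_OK_FILES = { "build.js": 'console.log("compiling addon");' };

console.log(auditPackage(SAMPLE_BAD_PKG, SAMPLE_BAD_FILES));
```

A clean result only means these literal strings are absent from the hooks and the scripts they call directly; it does not clear a package whose payload is obfuscated or loaded indirectly.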
Domain classification, causal taxonomy, severity scores, and national security assessments were LLM-classified and may contain errors.
Vulnerabilities that can be exploited in AI systems, software development toolchains, and hardware, resulting in unauthorized access, data and privacy breaches, or system manipulation causing unsafe outputs or behavior.
AI system: Due to a decision or action made by an AI system
Unintentional: Due to an unexpected outcome from pursuing a goal
Post-deployment: Occurring after the AI model has been trained and deployed