GitHub: 3,800 internal repos breached via malicious Nx Console extension
- Source: BleepingComputer
- Time: 11:49 AM
GitHub recently disclosed a security incident involving the breach of approximately 3,800 internal repositories. The compromise was traced back to a malicious extension found on the Visual Studio Code Marketplace, which mimicked the popular "Nx Console" tool.
By using a typosquatting technique, the attackers deceived developers into installing the fraudulent version, which contained embedded scripts designed to exfiltrate sensitive environment variables and authentication tokens. Once installed, the malicious extension harvested credentials, including GitHub personal access tokens, and transmitted them to a remote server.
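A defender-side check for the typosquatting described above, as an added example that is not from the article or from GitHub: it compares installed extension IDs (the `publisher.name` strings printed by `code --list-extensions`) against an allowlist and flags lookalikes. The article does not give the malicious extension's ID, so every ID below is constructed, and the function names and the distance threshold are assumptions.

```python
# Added example: flag installed VS Code extension IDs that resemble an
# allowlisted extension without being it. All IDs here are constructed.

# Digits commonly swapped for letters in lookalike names.
_LOOKALIKES = str.maketrans({"0": "o", "1": "l"})

def normalize(s):
    """Lowercase, fold digit lookalikes, drop separators such as '-' and '.'."""
    s = s.lower().translate(_LOOKALIKES)
    return "".join(ch for ch in s if ch.isalnum())

def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit(installed, allowlist, max_dist=2):
    """Return (installed_id, allowlisted_id) pairs for suspected typosquats."""
    allowed = {a.lower() for a in allowlist}
    findings = []
    for ext in installed:
        if ext.lower() in allowed:
            continue  # exact publisher.name match: the vetted extension
        name = normalize(ext.partition(".")[2])
        for good in sorted(allowed):
            good_name = normalize(good.partition(".")[2])
            # Same or near-identical name that is not the vetted ID
            # (covers a copied name under a different publisher).
            if edit_distance(name, good_name) <= max_dist:
                findings.append((ext, good))
                break
    return findings

# Constructed sample input, shaped like `code --list-extensions` output.
ALLOWLIST = ["example-publisher.nx-console"]
INSTALLED = [
    "example-publisher.nx-console",   # vetted
    "examp1e-publisher.nx-console",   # lookalike publisher, same name
    "someone.nxconsole",              # separator dropped
    "example-publisher.nx-consol",    # one character removed
    "acme.yaml-tools",                # unrelated
]

if __name__ == "__main__":
    for ext, good in audit(INSTALLED, ALLOWLIST):
        print(f"SUSPECT {ext} resembles {good}")
```

Short extension names will produce false positives at a fixed threshold, so findings are a review queue rather than a block list.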