Full Report
The compromise introduced a malicious telemetry.js file triggered via a post-install script in the npm package. The payload executed only on Linux and macOS systems, systematically searching for sensitive files (wallets, keystores, .env, SSH keys) and extracting credentials (g...
Analysis Summary
# Tool/Technique: Malicious npm Package Payload (Derived Name: telemetry.js Stealer)
## Overview
This involves a supply chain attack targeting the npm ecosystem where a malicious file, `telemetry.js`, was injected into a legitimate package via a post-install script. The payload's primary purpose is sensitive data exfiltration from Linux and macOS systems, system lockout attempts, and exploitation of installed AI CLI tools for reconnaissance.
## Technical Details
- Type: Malware/Payload delivered via Supply Chain Compromise
- Platform: Linux, macOS
- Capabilities: Sensitive file searching (wallets, keystores, .env, SSH keys), extraction of credentials (including GitHub tokens and npmrc content), system lockout via shell startup script modification, and abuse of trusted AI CLI tools.
- First Seen: August 27, 2025 (based on the reporting date)
## MITRE ATT&CK Mapping
- TA0001 - Initial Access
- T1195 - Supply Chain Compromise
- T1195.002 - Supply Chain Compromise: Compromise Software Supply Chain
- TA0005 - Defense Evasion
- T1026 - Permission Usage (When exploiting AI CLI tools)
- TA0008 - Lateral Movement (Potential, via stolen credentials)
- TA0010 - Exfiltration
- T1041 - Exfiltration Over C2 Channel
- T1567 - Exfiltration Over Web Service
- T1567.002 - Exfiltration Over Cloud Storage (Victim GitHub Repositories)
- TA0003 - Persistence
- T1548.002 - Abuse Execution Flow Execution Opportunity (Triggered via post-install script)
## Functionality
### Core Capabilities
- **Execution Trigger:** Payload runs automatically via a `post-install` script in the compromised npm package.
- **Platform Filtering:** Restricts execution only to Linux and macOS environments.
- **Credential Harvesting:** Systematically searches the filesystem for high-value targets:
  - Wallet files
  - Keystores
  - `.env` files
  - SSH keys
- **Data Extraction:** Specifically targets and extracts `gh auth token` and `npmrc` content.
### Advanced Features
- **AI Tool Exploitation:** Weaponizes installed AI CLI tools by invoking them with dangerous flags (`--dangerously-skip-permissions`, `--yolo`, `--trust-all-tools`) to facilitate filesystem content theft (reconnaissance).
- **System Lockout:** Attempts to cause system disruptions by appending `sudo shutdown -h 0` to `~/.bashrc` and `~/.zshrc`, leading to immediate shutdowns upon opening new terminal sessions.
- **Data Obfuscation & Exfiltration:** Exfiltrated data is subjected to double and triple Base64 encoding before being uploaded to attacker-controlled or attacker-created public GitHub repositories.
## Indicators of Compromise
- File Hashes: (Not provided in context)
- File Names: `telemetry.js`
- Registry Keys: (Not applicable for Linux/macOS focus)
- Network Indicators:
  - Exfiltration Destinations (Victim GitHub Repositories): `s1ngularity-repository`, `s1ngularity-repository-0`, `s1ngularity-repository-1` (These destinations should be treated as compromised or actively malicious infrastructure).
- Behavioral Indicators:
  - Execution of scripts from npm package `post-install` hooks.
  - System file scanning targeting common credential storage locations (`.ssh/`, `wallet`, `.env`).
  - Execution of commands like `sudo shutdown -h 0` appended to shell startup files (`.bashrc`, `.zshrc`).
  - Outbound HTTP/HTTPS traffic to GitHub repositories containing encoded data uploads.
## Associated Threat Actors
- Unknown (campaign-style activity reported in August 2025)
## Detection Methods
- Signature-based detection: Signatures targeting the specific binary/script content of `telemetry.js`.
- Behavioral detection: Monitoring for post-install scripts executing complex file system searches or modifying critical shell configuration files (`~/.bashrc`, `~/.zshrc`). Alerting on the execution of AI CLI tools with highly suspicious flags (e.g., `--dangerously-skip-permissions`).
- YARA rules: Rules targeting the unique Base64 encoding patterns or specific strings related to credential theft within JavaScript files executing from package installation paths.
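As an added defender-side example (not code from the original report or from the incident), the following Python script implements three of the behavioral checks listed above: flagging a shutdown lockout line in a shell rc file, flagging npm lifecycle hooks that launch a script file or pass the risky AI CLI flags, and peeling nested Base64 layers from a suspected exfiltration blob. The sample rc file, `package.json` and encoded blob are constructed inputs.

```python
import base64
import json
import re
from typing import Dict, List, Tuple

# Constructed sample inputs for demonstration (not artifacts from the incident).
SAMPLE_BASHRC = "export PATH=$HOME/bin:$PATH\nalias ll='ls -la'\nsudo shutdown -h 0\n"
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-pkg", "version": "1.0.0",
    "scripts": {"postinstall": "node telemetry.js", "test": "jest"},
})

# Lockout pattern from the report: `sudo shutdown -h 0` appended to ~/.bashrc or ~/.zshrc.
LOCKOUT_RE = re.compile(r"^\s*sudo\s+shutdown\s+-h\s+0\b")
# Flags the report lists as used to drive installed AI CLI tools without confirmation.
RISKY_FLAGS = ("--dangerously-skip-permissions", "--yolo", "--trust-all-tools")
# npm lifecycle hooks that run automatically on install.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

def rc_lockout_lines(rc_text: str) -> List[int]:
    """Return 1-based line numbers in a shell rc file that match the shutdown lockout."""
    return [i for i, line in enumerate(rc_text.splitlines(), 1) if LOCKOUT_RE.search(line)]

def suspicious_hooks(package_json: str) -> Dict[str, str]:
    """Return lifecycle hooks whose command runs a .js file via node or uses a risky AI CLI flag."""
    scripts = json.loads(package_json).get("scripts", {})
    hits = {}
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if cmd and (re.search(r"\bnode\s+\S+\.js\b", cmd) or any(f in cmd for f in RISKY_FLAGS)):
            hits[hook] = cmd
    return hits

def wrap_base64(text: str, layers: int) -> str:
    """Encode text with the given number of nested Base64 layers (used to build test input)."""
    data = text.encode()
    for _ in range(layers):
        data = base64.b64encode(data)
    return data.decode()

def peel_base64(blob: str, max_layers: int = 5) -> Tuple[str, int]:
    """Decode nested Base64 layers; return (innermost UTF-8 text, number of layers peeled)."""
    current, layers = blob.strip(), 0
    while current and layers < max_layers:
        try:
            text = base64.b64decode(current, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):
            break  # not valid Base64 (or not text): we have reached the innermost payload
        current, layers = text, layers + 1
    return current, layers
```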
## Mitigation Strategies
- **Prevention Measures:** Use private package registries or mirror public repositories to vet dependencies before installation. Employ deep dependency integrity checks.
- **Hardening Recommendations:** Limit execution context for installations (e.g., using ephemeral build environments). Ensure developers do not run installations with unnecessary elevated privileges. Implement strict egress filtering to block unexpected connections to external code hosting services (like GitHub) from internal hosts or build servers.
## Related Tools/Techniques
- Supply Chain Attacks (General)
- Credential Stealers distributed via software repositories (e.g., PyPI, RubyGems attacks).
- Use of shell modification (`.bashrc`/`.zshrc` modification) for persistence or denial of service.