LIVE THREATS
CRITICAL Four OpenClaw Flaws Chain Together for Full AI Agent Compromise // CRITICAL Malicious node-ipc Versions Target Cloud, AI Tool Credentials via Supply Chain Backdoor // MEDIUM Microsoft Outlines Defense-in-Depth Framework for Autonomous AI Agents // MEDIUM Rust Compiler Project Drafts Formal LLM Contribution Policy // HIGH TanStack Supply Chain Attack Compromises OpenAI Developer Devices and Signing Certificates // HIGH TeamPCP Steals 5GB of Mistral AI Source Code via Supply Chain Attack // MEDIUM Agentic AI Red Teaming Emerges as Defence Against AI-Speed Attack Chains // HIGH AI Agents Weaponised to Generate Custom Attack Tools in LatAm Campaigns // HIGH GPT-5.5 Matches Specialist Models in Vulnerability Discovery, Democratising Cyber Offence // HIGH Microsoft MDASH Agentic AI System Discovers 16 Critical Windows Vulnerabilities //
ATLAS OWASP CRITICAL Active exploitation · Immediate action required Supply Chain LLM Security Industry News RELEVANCE ▲ 7.2

Malicious node-ipc Versions Target Cloud, AI Tool Credentials via Supply Chain Backdoor

SOURCE The Hacker News ↗
TL;DR CRITICAL
  • What happened: Three node-ipc npm versions backdoored to steal developer and AI tool credentials via obfuscated payload.
  • Who's at risk: Developers using [email protected], 9.2.3, or 12.0.1 are directly exposed, with cloud and AI platform credentials at immediate risk of exfiltration.
  • Act now: Audit package.json and lock files for node-ipc versions 9.1.6, 9.2.3, and 12.0.1 and remove immediately · Rotate all cloud credentials, SSH keys, GitHub tokens, and AI tool API keys on any system that loaded these versions · Block or monitor DNS and HTTPS traffic to sh.azurestaticprovider[.]net and investigate for exfiltration activity
Malicious node-ipc Versions Target Cloud, AI Tool Credentials via Supply Chain Backdoor

Overview

Three versions of the popular npm package node-ipc9.1.6, 9.2.3, and 12.0.1 — have been confirmed as malicious following analysis by Socket and StepSecurity. The packages were published by an account named atiertant, with no prior publish history tied to the package, raising immediate suspicion of either an account takeover or an authorised-but-malicious maintainer insertion. The original author is riaevangelist, who had not updated the package since August 2024 — a 21-month gap that may have made the compromise easier to go undetected.

Node-ipc is a well-established inter-process communication library for Node.js with substantial download volumes, making it a high-value target for supply chain attackers.

Technical Analysis

Unlike many prior supply chain attacks that exploit npm lifecycle hooks (preinstall, postinstall), this backdoor appends its payload directly as an Immediately Invoked Function Expression (IIFE) to node-ipc.cjs. This means the malware executes unconditionally on every require('node-ipc') call, bypassing many standard security scanners that focus on lifecycle script analysis.

Key behavioural characteristics:

  • Environment fingerprinting: The payload enumerates the host environment before proceeding.
  • SHA-256 targeting (v12.0.1 only): Version 12.0.1 performs a SHA-256 hash of the primary module path and compares it against a hard-coded value assembled from eight obfuscated table fragments. If the hash does not match, the payload is entirely inert — indicating surgical, targeted attack capability against a specific developer or project.
  • Broad credential harvesting: 90 credential categories targeted, including AWS, GCP, Azure, SSH keys, Kubernetes tokens, GitHub CLI configs, Claude AI and Kiro IDE settings, Terraform state, database passwords, and shell history.
  • Dual exfiltration channels: Stolen data is GZIP-compressed and sent via HTTPS POST to sh.azurestaticprovider[.]net, with a secondary channel encoding archive chunks as DNS TXT record queries for covert exfiltration.

The inclusion of Claude AI and Kiro IDE credentials is particularly significant for AI security, as these represent access tokens to LLM services and AI development environments that could be used for model abuse, prompt injection at scale, or downstream pipeline compromise.

Framework Mapping

  • AML.T0010 (ML Supply Chain Compromise): The attack directly targets the software supply chain used by AI developers, with credentials for AI platforms explicitly in scope.
  • AML.T0012 (Valid Accounts): The attacker leveraged either compromised or newly-added maintainer credentials to publish malicious package versions.
  • AML.T0057 (LLM Data Leakage): Harvested Claude AI API tokens and IDE configurations represent direct LLM credential exposure.
  • LLM05 (Supply Chain Vulnerabilities): A textbook supply chain attack affecting developers building LLM-integrated applications.
  • LLM06 (Sensitive Information Disclosure): AI platform credentials and configurations are among the primary targets.

Impact Assessment

Any developer or CI/CD pipeline that installed or loaded the three affected versions is potentially compromised. The breadth of targeted credentials — spanning cloud infrastructure, AI platforms, and developer tooling — means a single infection could yield lateral movement across cloud environments and unauthorised access to LLM APIs. The SHA-256 targeting in v12.0.1 suggests at least one campaign is precision-targeted, raising the possibility of corporate espionage.

Mitigation & Recommendations

  1. Immediately remove node-ipc versions 9.1.6, 9.2.3, and 12.0.1 from all projects and pipelines.
  2. Rotate all credentials accessible from affected machines: cloud provider keys, SSH keys, GitHub tokens, Kubernetes service accounts, and AI platform API keys (including Claude and similar).
  3. Block network access to sh.azurestaticprovider[.]net and monitor DNS query logs for anomalous TXT record lookups.
  4. Audit maintainer lists on internal and third-party npm packages; restrict publish rights to verified accounts.
  5. Implement runtime dependency integrity checks and consider tools like Socket or similar SCA platforms for continuous supply chain monitoring.

References

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.