A sophisticated supply chain attack has been uncovered targeting the popular npm package manager, with a malicious package named “@acitons/artifact” downloaded over 206,000 times. Security researchers discovered this threat on November 7th, identifying it as a potent example of typosquatting. The attackers deliberately misspelled the name of a legitimate package, “@actions/artifact,” which is commonly used in GitHub Actions workflows, to deceive developers.
The primary objective of this malicious npm package was to steal authentication tokens from build environments within GitHub-owned repositories. Upon successful installation, the malware would exfiltrate these sensitive tokens. Armed with these tokens, attackers could then impersonate GitHub’s legitimate account to publish new malicious code, posing a significant threat to the security integrity of the entire GitHub platform.
Malicious npm Package Undermines GitHub Ecosystem
The attack leveraged a hidden installation script embedded within the malicious package. Specifically, six compromised versions of “@acitons/artifact” contained a post-install hook designed to automatically download and execute clandestine malware code. This technique allowed the attackers to operate covertly, with the malware evading detection by common antivirus software at the time of its discovery, according to Veracode security analysts. This incident underscores the ongoing vulnerabilities within the software supply chain, a concern ranked third in the OWASP Top 10 2025 list.
The campaign targeted GitHub’s continuous integration and continuous deployment (CI/CD) platform, highlighting a strategic shift by malicious actors to compromise the very tools developers rely on daily. Veracode researchers noted the malware’s use of advanced evasion techniques to conceal its malicious activities and avoid automated detection systems. This campaign’s success is a stark reminder of how critical security measures are for CI/CD pipelines.
Analysis of the Malicious Code and Infection Mechanism
The malicious code within the “@acitons/artifact” package was heavily obfuscated and compiled using specialized tools to convert shell scripts into binary files, significantly impeding analysis efforts. A notable characteristic of the deployed malware was its time-based expiration. Each version was engineered to cease functioning within a few days of its release, suggesting the attackers were employing this strategy to test different iterations of their code while remaining undetected by security monitoring systems.
The infection process was multi-staged. Upon installation, the malware executed as a bash script that systematically reset its own environment variables to alter its execution context. This action triggered the loading of an obfuscated JavaScript file, “verify.js,” concealed within the Node package. The “verify.js” file was programmed to specifically check for the presence of GitHub environment variables, which are unique to code running within GitHub Actions environments.
Crucially, the malware’s targeting was precisely focused; it was designed to operate exclusively within repositories owned by the GitHub organization itself, indicating a highly targeted and deliberate attack. After obtaining an encryption key from an external server, the stolen tokens were encrypted before being transmitted to a command and control server. While developers utilizing Veracode’s Package Firewall were automatically protected upon the threat’s identification, this incident serves as a potent illustration of the persistent risks associated with package managers and sophisticated software supply chain attacks.
The investigation into the full scope of this attack and the potential impact on affected repositories is ongoing. Security professionals are advising wider adoption of thorough dependency scanning and software composition analysis (SCA) tools to mitigate similar future threats. The continued evolution of these attack vectors necessitates constant vigilance and proactive security measures within the development lifecycle.