In May 2026, the programming and cybersecurity worlds were hit by one of the largest digital infrastructure attacks in recent years. After the notorious hacking group TeamPCP publicly released the source code of a malicious tool called Shai-Hulud, a coordinated wave of attacks targeted several major platforms and software ecosystems simultaneously.

What made this attack especially alarming was that the attackers did not target end users directly. Instead, they compromised the software “supply chain” itself. In other words, rather than attacking individual users, the hackers went after the tools and services developers trust every day: automated build systems, code editor extensions, development libraries, and cloud services.

The attack unfolded like a domino effect. First, the attackers compromised “official” and trusted software distribution channels. Then they stole credentials belonging to developers and automated build systems, using that access to infiltrate additional projects and services.

As the situation escalated, particular attention focused on version 18.95.0 of the Nx Console extension for the popular Visual Studio Code editor. Investigators began asking whether this tool may have served as one of the key links in the attack against GitHub’s infrastructure.

At this stage, there is no direct proof. However, Nx Console remains one of the most suspicious and significant components in the entire infection chain. Multiple companies are continuing the investigation together. GetBlock AML Research is publishing the details currently known.

How to use GitHub and not lose cryptocurrency. Developer Guide

Repositories with hidden malicious code have been discovered on the hosting platform, that gives hackers the keys to crypto wallets

Читать дальше

The scale of the potential infection raised additional concerns. According to Microsoft Marketplace data, the malicious extension was installed only 28 times. However, internal Nx telemetry revealed roughly 6,000 extension activations inside VS Code. That suggests the real number of potentially affected users could be hundreds of times higher than the official figures indicate.

How the Attack Unfolded

Researchers have linked the attack on the popular TanStack project and several subsequent infection waves to the TeamPCP group, also known under aliases including DeadCatx3, PCPcat, ShellForce, and CipherForce.

May 10–11, 2026: Attack on TanStack

One of the earliest major targets was TanStack, a widely used toolkit for web developers.

The most important detail of the attack was that the hackers did not directly steal publishing keys for software packages. Instead, they targeted the automated build and release system — the so-called CI/CD pipeline.

For non-technical users, this is similar to criminals gaining access not to counterfeit products themselves, but to the official factory and then distributing infected products through the legitimate production line.

The attack unfolded in several stages. First, the attacker created a copy of the project and submitted a specially crafted code change request. Due to flaws in the automated validation setup, that request was executed inside the protected environment of the main project.

Overview of the largest NPM attack in history: what it is and how it relates to crypto

Malicious code was embedded in specialized packages for developers that are used to create global Internet infrastructure

Читать дальше

The hackers then poisoned the cache — a temporary file storage system used to accelerate software builds. Into that cache, they uploaded a malicious archive approximately 1.1 GB in size.

Afterward, the attackers managed to extract temporary access tokens from the server’s memory — special digital credentials that allowed them to publish new software versions on behalf of the official project. Even despite build process errors, the attackers successfully released 84 infected updates in just six minutes.

What Was Inside the Malicious Packages

The infected packages contained a hidden file called router_init.js, roughly 2.3 MB in size and protected by multiple layers of obfuscation.

For non-specialists, it is important to understand that modern malware increasingly tries to resemble ordinary technical code. Attackers intentionally make it complex and confusing so antivirus software and security analysts cannot quickly determine what it actually does.

The malicious code performed several tasks simultaneously:

• stealing user and developer data;
• collecting GitHub, cloud service, and password manager tokens;
• injecting additional hidden files into projects;
• creating persistence mechanisms to maintain access even after passwords were changed.

One of the most disturbing aspects was that the infected packages carried official Sigstore cryptographic signatures and complied with the SLSA Build Level 3 standard. To ordinary users, this made the software appear legitimately built and fully trustworthy.

The problem is that such systems only verify that the code was built by an official server. They do not guarantee that the code itself is free of malicious content.

The second-largest attack on the NPM infrastructure: why did it happen again?

Developers of popular software solutions, which are widely used in the creation of large services and corporate solutions, have fallen victim to attackers.

Читать дальше

Ultimately, the attack affected 42 packages in the TanStack ecosystem before spreading to additional companies and projects. In total, researchers identified more than 170 infected packages.

May 18, 2026: Nx Console Compromised

The next major stage involved the compromise of Nx Console version 18.95.0.

Investigators later discovered that one of Nx’s developers had already fallen victim to the earlier TanStack-related attack. Using stolen credentials, the attackers gained access to the Nx repository and published an infected extension update.

The distribution method made the situation especially dangerous.

The extension automatically launched a hidden background process whenever a project was opened in the code editor. To users, this appeared to be a routine internal operation. In reality, the malicious code immediately began harvesting large volumes of sensitive information, including:

• GitHub tokens;
• npm access keys;
• AWS credentials;
• Kubernetes configurations;
• password manager data;
• settings for Claude Code and other developer tools.

The attackers exfiltrated the stolen data through HTTPS requests, the GitHub API, and even DNS queries — one of the hardest covert communication methods to detect.

On Mac systems, the malware also established hidden persistence mechanisms to survive system reboots and continue operating in the background.

May 19, 2026: New Infection Waves

Within 24 hours, the attack spread into additional ecosystems. Hundreds of npm packages associated with the @antv project were infected after maintainers’ accounts were compromised.

At the same time, the PyPI platform — the largest repository for Python packages — was also affected. Infected versions of the durabletask library downloaded and executed additional malware on Linux servers.

The newer malware variant was already capable of:

• executing commands on remote AWS servers;
• spreading between Kubernetes clusters;
• attempting to unlock Bitwarden and 1Password vaults.

At that point, this was no longer just data theft. The attackers had effectively created a full-scale worm — malware capable of self-propagating between systems.

AI under attack: Popular library for developers compromised

The attack targeted a library with tens of millions of monthly downloads and led to the leak of hundreds of gigabytes of data. Hackers gained access to keys, passwords, and corporate infrastructure.

Читать дальше

Leak of GitHub Internal Repositories

On May 19, GitHub officially confirmed it was investigating unauthorized access to internal company repositories.

TeamPCP claimed it had gained access to roughly 4,000 private repositories. According to investigators, one possible intrusion vector was a malicious VS Code extension installed on employees’ workstations.

Because of the overlap in timing and attack methods, Nx Console 18.95.0 quickly became the primary suspect in the breach chain. At the same time, Nx representatives emphasized that the company was conducting a joint investigation with Microsoft and GitHub and would not draw premature conclusions before the analysis was complete.

Why the Security Systems Failed

This incident exposed a serious weakness in today’s digital infrastructure. Many users and organizations assume that official signatures, “verified publisher” badges, and distribution through official app stores automatically guarantee safety.

In reality, attackers increasingly target the trusted distribution mechanisms themselves. In the past, malware usually required downloading files from suspicious websites. Today, a malicious update can arrive through an official extension marketplace, under the name of a reputable developer, complete with a valid digital signature.

Another major issue is that modern development environments often possess extensive system-level access. VS Code extensions, for example, can effectively execute code on a developer’s machine, read project files, access terminals, and interact with cloud services.

Why the Attack Was Especially Dangerous

The entire operation unfolded at incredible speed. The infected version of Nx Console remained publicly available for only about 18 minutes. Yet that was enough time for the malicious update to be automatically installed by thousands of users.

North Korean hackers: the complete dossier, description of methods and chronology of cryptocurrency thefts

Over the past few years, North Korea’s cyber units have carried out large-scale operations to infiltrate various structures and steal digital assets

Читать дальше

Modern software update systems operate almost instantly. As a result, even a brief compromise of an official distribution channel can trigger a massive infection event.

What Companies and Developers Should Do

Developers and organizations urgently need to inspect their systems for signs of compromise.

Special attention should be given to:

• Nx Console version 18.95.0;
• suspicious background processes;
• unknown startup files;
• GitHub and npm tokens;
• TanStack, @antv, and durabletask packages;
• leaks involving cloud keys and passwords.

Companies should also reevaluate their approach to CI/CD security, caching systems, automatic updates, and access token management.

Why This Story May Not Be Over

There is a strong possibility that the attack is still ongoing. TeamPCP’s tools and techniques continue to evolve, while the infection model has already spread across several major ecosystems, including npm, VS Code, PyPI, and cloud platforms. Given the scale and sophistication of the attack chain, the number of affected organizations will likely continue to rise.