Nx Console VS Code Extension Supply Chain Attack: What Developers Need to Know

How the Malicious Extension Worked

Once installed, the compromised extension behaved normally at first but executed hidden malicious logic when a workspace opened.

Security researchers found that the extension downloaded and executed a large obfuscated payload (~498 KB) from a hidden location within the official Nx GitHub repository infrastructure.

This payload acted as a multi‑stage credential harvester designed specifically for developer environments.

Credentials and Secrets It Targeted

The malware searched local files and environment variables for high‑value authentication material commonly present on developer machines, including:

• GitHub tokens and GitHub Actions secrets
• npm tokens and OIDC exchange credentials
• AWS credentials, IAM authentication data, and Secrets Manager tokens
• Kubernetes configuration and cluster credentials
• HashiCorp Vault tokens
• SSH private keys
• Docker credentials
• Google Cloud credentials
• Connection strings and API keys
• 1Password CLI vault data if an active op session was open

Collected data could be exfiltrated using HTTPS requests, GitHub API calls, or DNS‑based channels, allowing attackers to move stolen credentials off the machine quickly.

Persistence Mechanisms Installed by the Malware

Beyond credential theft, the malware attempted to maintain long‑term access to infected machines.

Indicators identified by the Nx security advisory include the creation of several persistence files:

• ~/.local/share/kitty/cat.py

• ~/Library/LaunchAgents/com.user.kitty-monitor.plist

• /var/tmp/.gh_update_state
• Temporary files matching /tmp/kitty-*

The attack could also spawn a Python process running cat.py or processes with the environment variable __DAEMONIZED=1.

Persistence varied by operating system:

• macOS: the malware installed a LaunchAgent to restart automatically.
• Linux: the payload attempted persistence through system configuration changes such as sudoers injection.

These mechanisms allowed the attacker to maintain a foothold even after the extension itself was removed.

Why This Attack Matters for the Nx Ecosystem

The 2026 extension compromise did not occur in isolation.

In August 2025, attackers already executed a major Nx npm supply‑chain attack by publishing malicious versions of the nx build system and related plugins. Those packages scanned local systems for credentials and uploaded them to attacker‑controlled GitHub repositories under victims’ accounts.

The newer incident highlights two ongoing trends:

• Developer machines are high‑value targets because they often contain cloud credentials, CI/CD tokens, and repository access keys.
• Supply‑chain attacks increasingly target developer tooling—extensions, build tools, and package registries—where malicious updates can spread quickly.

In this case, the Nx team reported that the malicious extension was published using compromised GitHub credentials from a developer affected by another recent security incident, allowing attackers to bypass normal publishing safeguards.

Who Was Potentially Affected

Developers were at risk if they installed or auto‑updated to Nx Console version 18.95.0 during the brief exposure windows:

• Visual Studio Marketplace: May 18, 2026 — 12:30–12:48 UTC
• OpenVSX Registry: May 18, 2026 — 12:33–13:09 UTC

This includes users of:

• Visual Studio Code
• VS Code forks or compatible editors
• Environments that install extensions through OpenVSX

Anyone who installed the compromised version during that timeframe should assume that credentials on that workstation may have been exposed.

Indicators of Compromise (IOCs)

Developers should immediately investigate systems for these warning signs:

• Nx Console version 18.95.0 installed during the exposure window
• File present: ~/.local/share/kitty/cat.py
• File present:

  ~/Library/LaunchAgents/com.user.kitty-monitor.plist

• File present: /var/tmp/.gh_update_state
• Temporary files matching /tmp/kitty-*
• A running Python process executing cat.py
• Processes with the environment variable __DAEMONIZED=1

If any of these indicators are present, treat the system as compromised.

Immediate Remediation Steps

Security teams and developers should take the following actions immediately if exposure is possible:

1. Update Nx Console to version 18.100.0 or later.

2. Terminate malicious processes, including any cat.py process or processes with __DAEMONIZED=1.

3. Remove persistence artifacts, including the files listed above.

4. On macOS, unload the LaunchAgent before deleting it:

   launchctl unload ~/Library/LaunchAgents/com.user.kitty-monitor.plist

5. Rotate all credentials accessible from the machine, including:

   • GitHub tokens
   • cloud provider credentials
   • API keys
   • SSH keys
   • CI/CD tokens

6. Review audit logs in GitHub, cloud providers, and CI systems for suspicious activity.

If compromise is confirmed, the safest remediation is often rebuilding or re‑imaging the workstation from a clean environment and restoring credentials from secure backups.

The Bigger Security Lesson

This incident underscores a growing reality in modern development: the software supply chain extends into developer tooling itself. Extensions, build systems, and package managers now represent some of the most attractive targets for attackers because they run with broad access to source code, secrets, and infrastructure credentials.

Even brief exposures—measured in minutes—can be enough for attackers to harvest high‑value secrets from developer environments.

For organizations, the takeaway is clear: monitor extension updates, enforce credential rotation policies, and treat developer workstations as critical infrastructure in the security model.