Nx Console VS Code Extension Poisoned to Steal 1Password, AWS Keys

Version 18.95.0 of the Nx Console VS Code extension was weaponized for 11 minutes to steal 1Password vaults, AWS credentials, and Claude Code secrets.

    Version 18.95.0 of the nrwl.angular-console Nx Console extension for Visual Studio Code — installed on over 2.2 million developer machines — was weaponized with a multi-stage credential stealer on May 18, 2026, explicitly targeting 1Password vaults, AWS credentials, npm tokens, GitHub tokens, and Anthropic Claude Code configurations during an 11-minute window before the malicious commit was pulled.

    The Orphaned Commit Technique That Bypassed Repository Security Signals

    Attackers introduced the malicious payload via an “orphaned, unsigned commit” pushed to the nrwl/nx repository using GitHub credentials stolen from a developer whose account had been compromised in a prior incident. An orphaned commit is one that no branch or tag points to: it exists in the repository's object store and can still be fetched or viewed by its full hash, but it never appears in branch history or in a pull request, so it is far less likely to surface in repository activity monitoring or to trigger automated security tooling that watches branch pushes. Branch protection rules, including required signed commits, apply only to pushes that update branch refs, which is precisely what an orphaned commit avoids; a release pipeline that accepts an arbitrary commit hash rather than a protected ref will build such a commit without complaint.

    The exposure window was narrow — approximately 11 minutes, from 2:36 p.m. to 2:47 p.m. CEST on May 18, 2026. Developers whose VS Code installed the extension during that window received the weaponized version 18.95.0. Note that VS Code auto-updates extensions by default, so not having updated manually is no assurance; the installed version has to be checked. All affected users are advised to rotate every credential accessible from their development machine and update to version 18.100.0 or later.
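    One way to check a machine for the poisoned build, as an added example that is not code from the article or from the Nx project. It reads the extensions.json that VS Code keeps in its extensions directory (each entry carries identifier.id and version), falls back to the publisher.name-x.y.z folder names when that manifest is absent, and reports exactly 18.95.0 as compromised and anything older than the advised 18.100.0 as needing an update. The extension id, the two version numbers and the file layout are the only facts taken from the advisory and from VS Code; the sample manifest is constructed.

```python
import json
import re
from pathlib import Path
from typing import Optional

# Facts from the advisory: the Nx Console extension id, the poisoned build and the
# first version the advisory says to run. Everything else here is example code.
AFFECTED_ID = "nrwl.angular-console"
WEAPONIZED = (18, 95, 0)
FIXED_MIN = (18, 100, 0)

# Constructed sample of the extensions.json that VS Code keeps under
# ~/.vscode/extensions/; real files carry more fields per entry.
SAMPLE_EXTENSIONS_JSON = json.dumps([
    {"identifier": {"id": "nrwl.angular-console"}, "version": "18.95.0"},
    {"identifier": {"id": "ms-python.python"}, "version": "2026.4.0"},
])


def parse_version(v: str) -> tuple:
    """'18.95.0' -> (18, 95, 0); a pre-release suffix such as '-beta.1' is ignored."""
    core = v.split("-", 1)[0]
    return tuple(int(part) for part in core.split("."))


def assess(ext_id: str, version: str) -> Optional[str]:
    """Verdict for one installed extension, or None if it is not Nx Console."""
    if ext_id.lower() != AFFECTED_ID:
        return None
    v = parse_version(version)
    if v == WEAPONIZED:
        return "COMPROMISED"   # the weaponized build: rotate everything, then update
    if v < FIXED_MIN:
        return "BELOW_FIXED"   # not the poisoned build, but older than the advised 18.100.0
    return "OK"


def scan_extensions_json(text: str) -> dict:
    """Map 'id@version' -> verdict for every Nx Console entry in an extensions.json."""
    findings = {}
    for entry in json.loads(text):
        ident = entry.get("identifier", {}).get("id", "")
        ver = entry.get("version", "")
        verdict = assess(ident, ver)
        if verdict is not None:
            findings[f"{ident}@{ver}"] = verdict
    return findings


# Extension folders are named publisher.name-x.y.z; platform-specific builds
# append a suffix such as -darwin-arm64, which the trailing group absorbs.
_DIR_PATTERN = re.compile(r"^(?P<id>.+?)-(?P<ver>\d+\.\d+\.\d+)(?:-|$)")


def scan_extension_dirs(names) -> dict:
    """Fallback when extensions.json is absent: derive id and version from folder names."""
    findings = {}
    for name in names:
        m = _DIR_PATTERN.match(name)
        if not m:
            continue
        verdict = assess(m["id"], m["ver"])
        if verdict is not None:
            findings[f"{m['id']}@{m['ver']}"] = verdict
    return findings


def scan_home(home: Path) -> dict:
    """Check the VS Code extensions directory under the given home directory."""
    ext_dir = home / ".vscode" / "extensions"
    manifest = ext_dir / "extensions.json"
    if manifest.is_file():
        return scan_extensions_json(manifest.read_text())
    if ext_dir.is_dir():
        return scan_extension_dirs(p.name for p in ext_dir.iterdir() if p.is_dir())
    return {}


if __name__ == "__main__":
    print("sample manifest:", scan_extensions_json(SAMPLE_EXTENSIONS_JSON))
    print("this machine:   ", scan_home(Path.home()))
```

    A COMPROMISED verdict means the credential rotation the advisory calls for, not just an update; VS Code Insiders and remote (SSH, container, WSL) hosts keep their own extensions directories and need the same check.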

    Credential Targets: 1Password, AWS, npm, GitHub, and Claude Code

    The 498 KB malware payload harvested secrets across multiple high-value developer toolchain categories: 1Password vault contents, AWS access keys, npm authentication tokens, GitHub tokens, and configuration files associated with Anthropic’s Claude Code developer tool. The explicit targeting of Claude Code configurations signals that AI assistant and LLM toolchain credentials have become a distinct high-value target class for supply chain attackers, alongside the cloud provider keys and repository tokens that have long been primary targets.
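    The advisory says to rotate every credential the machine could reach, which starts with knowing which stores exist. The following is an added example, not code from the article or from any of the vendors named, that inventories the usual on-disk credential files and the environment variables that hand secrets to every child process (an extension host included), and returns a rotation hint for each. The AWS, npm, GitHub CLI, git and SSH paths are those tools' documented locations; the Claude Code paths are this example's assumption. 1Password desktop vault data is not enumerated, only the OP_SESSION_* and OP_SERVICE_ACCOUNT_TOKEN variables the 1Password CLI uses. Secret values are never read or printed.

```python
import os
from datetime import datetime, timezone
from pathlib import Path
from tempfile import TemporaryDirectory

# On-disk credential stores on a developer machine, keyed by path relative to $HOME.
# The two Claude Code entries are this example's assumption about where that tool
# keeps its configuration; the other paths are the tools' documented locations.
CREDENTIAL_PATHS = {
    ".aws/credentials": "AWS access keys: create new keys in IAM, then delete the old ones",
    ".npmrc": "npm _authToken: revoke the token on npmjs.com and log in again",
    ".config/gh/hosts.yml": "GitHub CLI OAuth token: revoke under GitHub Settings > Applications",
    ".git-credentials": "git credential store with plaintext tokens: revoke and re-issue",
    ".claude.json": "Claude Code configuration (assumed path): re-authenticate or rotate the API key",
    ".claude": "Claude Code state directory (assumed path): review for stored tokens",
    ".ssh": "SSH private keys: generate new keys, remove the old public keys from GitHub and hosts",
}

# Environment variables that expose secrets to every child process.
# OP_SESSION_* and OP_SERVICE_ACCOUNT_TOKEN are 1Password CLI sessions.
SECRET_ENV_PREFIXES = (
    "AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY", "AWS_SESSION_TOKEN",
    "NPM_TOKEN", "GITHUB_TOKEN", "GH_TOKEN", "ANTHROPIC_API_KEY",
    "OP_SESSION_", "OP_SERVICE_ACCOUNT_TOKEN",
)


def inventory(home: Path, environ=None) -> list:
    """List credential material a process running as this user could have read.

    Returns one dict per finding with 'kind' (file or env), 'source', and a
    rotation 'hint'; files also carry their last-modified time. Values are never read.
    """
    environ = os.environ if environ is None else environ
    findings = []
    for rel, hint in CREDENTIAL_PATHS.items():
        p = home / rel
        if p.exists():
            mtime = datetime.fromtimestamp(p.stat().st_mtime, tz=timezone.utc)
            findings.append({"kind": "file", "source": str(p),
                             "last_modified": mtime.isoformat(), "hint": hint})
    for name in environ:
        if name.startswith(SECRET_ENV_PREFIXES):
            findings.append({"kind": "env", "source": name,
                             "hint": "exported to every child process: rotate at the issuer"})
    return findings


def demo() -> list:
    """Run the inventory against a constructed home directory rather than the real one."""
    with TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / ".aws").mkdir()
        (home / ".aws" / "credentials").write_text("[default]\naws_access_key_id = EXAMPLE\n")
        (home / ".npmrc").write_text("//registry.npmjs.org/:_authToken=EXAMPLE\n")
        return inventory(home, environ={"GITHUB_TOKEN": "EXAMPLE", "PATH": "/usr/bin"})


if __name__ == "__main__":
    for f in inventory(Path.home()):
        print(f["kind"], f["source"], "->", f["hint"])
```

    The last-modified time is worth keeping in the report: a credential file written after the exposure window has already been rotated, one untouched since before it has not. Per-project files (.env, .npmrc or .aws profiles inside repositories) are outside $HOME and need the same treatment.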

    The macOS Python Backdoor Using GitHub Search API as a Covert C2 Channel

    On macOS, the malware installed an additional Python backdoor that used GitHub’s own Search API as a covert command-and-control channel. Rather than communicating with attacker-controlled infrastructure that could be flagged by network monitoring tools, the backdoor received instructions through GitHub repository search queries — traffic that appears as ordinary developer activity to most enterprise network detection systems. The technique exploits the trusted, high-volume status of GitHub traffic in developer environments where outbound connections to GitHub are universally permitted. The practical consequence is that a destination allowlist cannot catch it: detection has to look at who is making the request (a stray Python process rather than the editor, git, or a browser), what client identifier it presents, and how regularly it polls, not at where the request goes.
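    A detection along those lines, as an added example that is not from the article and not the vendors' code: it runs over constructed proxy-style log lines (timestamp, source host, process name, URL, user agent) and flags any host/process pair whose api.github.com/search/ traffic either comes from a non-interactive client or arrives at a near-constant interval. The log format, the known-client user-agent list and the thresholds are this example's own assumptions, not the backdoor's observed traffic.

```python
import statistics
from datetime import datetime
from urllib.parse import urlsplit

# Constructed proxy-log sample: timestamp, source host, process, URL, user agent.
# Six metronomic polls from a python process on dev-mac-07 stand in for an implant;
# the dev-mac-02 lines model an engineer searching from the editor and a browser.
SAMPLE_LOG = """\
2026-05-18T13:00:00Z dev-mac-07 python3 https://api.github.com/search/repositories?q=topic%3Aexample python-requests/2.32.3
2026-05-18T13:01:00Z dev-mac-07 python3 https://api.github.com/search/repositories?q=topic%3Aexample python-requests/2.32.3
2026-05-18T13:02:00Z dev-mac-07 python3 https://api.github.com/search/repositories?q=topic%3Aexample python-requests/2.32.3
2026-05-18T13:03:00Z dev-mac-07 python3 https://api.github.com/search/repositories?q=topic%3Aexample python-requests/2.32.3
2026-05-18T13:04:00Z dev-mac-07 python3 https://api.github.com/search/repositories?q=topic%3Aexample python-requests/2.32.3
2026-05-18T13:05:00Z dev-mac-07 python3 https://api.github.com/search/repositories?q=topic%3Aexample python-requests/2.32.3
2026-05-18T13:00:41Z dev-mac-02 Code https://api.github.com/search/issues?q=is%3Aopen VSCode/1.100.0
2026-05-18T13:17:09Z dev-mac-02 firefox https://github.com/search?q=nx+console Mozilla/5.0
2026-05-18T13:52:30Z dev-mac-02 git https://github.com/nrwl/nx.git/info/refs?service=git-upload-pack git/2.45.0
"""

# User-agent prefixes of clients that legitimately hit api.github.com from a dev box
# (assumed allowlist; a real one is built from the fleet's observed baseline).
KNOWN_CLIENTS = ("git/", "VSCode", "vscode", "Mozilla/", "gh/")


def parse(lines):
    """Split each log line into its five fields; the user agent may contain spaces."""
    records = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ts, host, proc, url, ua = line.split(" ", 4)
        records.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "host": host, "proc": proc, "url": url, "ua": ua,
        })
    return records


def is_search_api(url: str) -> bool:
    """True for the REST search endpoints (api.github.com/search/...), not web search."""
    u = urlsplit(url)
    return u.netloc == "api.github.com" and u.path.startswith("/search/")


def detect(log_text: str, min_polls: int = 4, max_cv: float = 0.25) -> dict:
    """Return {(host, process): [reasons]} for sources whose Search API traffic looks
    like C2 polling: a non-interactive client, or a near-constant poll interval
    (coefficient of variation of the gaps at or below max_cv over min_polls hits)."""
    by_source = {}
    for r in parse(log_text.splitlines()):
        if is_search_api(r["url"]):
            by_source.setdefault((r["host"], r["proc"]), []).append(r)
    flagged = {}
    for source, hits in by_source.items():
        reasons = []
        if not all(h["ua"].startswith(KNOWN_CLIENTS) for h in hits):
            reasons.append("search API called by a non-interactive client")
        if len(hits) >= min_polls:
            times = sorted(h["ts"] for h in hits)
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            mean = statistics.mean(gaps)
            if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
                reasons.append(f"{len(hits)} polls at a near-constant {mean:.0f}s interval")
        if reasons:
            flagged[source] = reasons
    return flagged


if __name__ == "__main__":
    for source, reasons in detect(SAMPLE_LOG).items():
        print(source, "->", "; ".join(reasons))
```

    A user agent is trivially spoofed, so the cadence rule and process lineage (a Python interpreter spawned by the editor's extension host, or persisting after it exits) carry more weight than the client-string rule. Logging the query string as well is worthwhile: in this scheme the search results are the tasking, so the query identifies the attacker's marker.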

    How This Attack Connects to the May 2026 Supply Chain Campaign

    The Nx Console compromise follows the same methodology as the Shai-Hulud npm campaign and the GitHub Actions supply chain attack reported the previous day. Each incident targeted a component of the developer toolchain — npm packages, CI/CD workflows, and VS Code extensions — as a vector to harvest credentials from developer machines rather than attacking production systems directly. Developer machines carry a concentrated inventory of high-value secrets: cloud provider keys, code-signing certificates, repository access tokens, and password manager vaults, making them a more efficient target than attacking individual production services.

    The Prior Account Compromise That Opened the Supply Chain Door

    The Nx Console breach chain began with a developer whose GitHub account had been compromised in an earlier, separate incident. The stolen credentials provided the write access needed to push the orphaned commit to the nrwl/nx repository. This dependency on a prior account compromise illustrates how an identity breach that appears contained at one stage can be weaponized later to distribute malware to millions of downstream users who update the affected package.
