The Worm That Keeps on Digging: Latest Wave
A supply chain campaign targets the open source developer ecosystem by compromising NPM packages in the @antv namespace, GitHub Actions (including actions-cool/issues-helper), and the VSCode extension nrwl.angular-console. The malware uses a multi-stage infection chain hosted on GitHub itself: follow-on payloads are staged in orphaned commits (commits not reachable from any branch but still fetchable from GitHub by SHA) and executed with the Bun JavaScript runtime. It steals GitHub tokens, SSH keys, cloud credentials, and browser secrets, and exfiltrates them to attacker-controlled public GitHub repositories. Persistence is maintained through a Python backdoor that polls GitHub for signed commands carrying specific trigger strings, giving the operator remote code execution. The campaign is attributed to the threat actor TeamPCP with moderate confidence. The source data provides no official patch or remediation guidance.
AI Analysis
Technical Summary
This campaign compromises several components of the open source developer ecosystem at once: NPM packages in the @antv namespace, GitHub Actions workflows, and a VSCode extension. Whichever entry point is hit, the infection proceeds in stages, pulling follow-on payloads from orphaned commits in GitHub-hosted repositories and running them with the Bun runtime. The malware harvests a broad range of credentials (GitHub tokens, SSH keys, cloud credentials, browser secrets) and exfiltrates them through public GitHub repositories controlled by the attacker, which makes the exfiltration hard to distinguish from ordinary git and API traffic to github.com. Persistence is achieved through a Python backdoor that polls GitHub for signed commands containing trigger strings, allowing remote code execution. Attribution analysis links the campaign to the threat actor TeamPCP with moderate confidence. Because this is a live compromise of published components rather than a vulnerability in a product, there is no CVE and no patch to apply; remediation consists of removing the affected components and rotating every secret they could have read.
Potential Impact
The campaign steals GitHub tokens, SSH keys, cloud credentials, and browser secrets, so a single infected developer workstation or CI runner can expose source repositories, cloud accounts, and every package the victim is able to publish. Exfiltration through public GitHub repositories and a persistent Python backdoor with remote code execution mean that access can outlive removal of the initial payload, and stolen publish credentials can be used to push further malicious releases, contaminating downstream users of the compromised packages and tools.
Mitigation Recommendations
No vendor patch applies here: the fix is to remove the compromised components and treat every secret they could reach as exposed. Inventory your use of NPM packages in the @antv namespace (check lockfiles, not only package.json), workflows that reference actions-cool/issues-helper, and installations of the nrwl.angular-console VSCode extension, and compare what you find against the referenced Wiz advisory for the affected versions. Rotate GitHub tokens, SSH keys, and cloud credentials present on any affected host or runner, and review GitHub audit logs for public repositories or commits created with those tokens. Hunt for the Python backdoor and for a Bun runtime on hosts where nobody installed it deliberately, and check your repositories for unexpected orphaned commits. Going forward, pin third-party actions to full commit SHAs rather than mutable tags, scope CI tokens to the minimum needed, and enforce code review for dependency changes.
Indicators of Compromise
- MD5: b06b126b9e26af03a7ef2f8b8e90d446
- SHA-1: 783b4019fc5b942a29846132d28441c8fc31bed8
- SHA-256: fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142
- domain: m-kosche.com
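The audit steps above can be scripted. The following Python script is an added example, not code from the pulse, from Wiz, or from any of the affected projects. It enumerates @antv packages in an npm lockfile, flags `uses:` references to actions-cool/issues-helper that are pinned to a mutable tag instead of a commit SHA, hashes files against the three IoC hashes listed above, and checks text for the IoC domain. The affected package versions are not given in the pulse, so the script only reports what is present for comparison against the advisory; the lockfile and workflow samples (including the version number) are constructed for illustration.

```python
"""Audit a checkout for components named in the AntV / TeamPCP pulse.

Added example. Affected versions are not in the pulse, so this only
enumerates what is installed; compare the output with the advisory.
"""
import hashlib
import json
import re
from pathlib import Path

# Indicators of compromise quoted from the pulse: MD5, SHA-1, SHA-256, domain.
IOC_HASHES = frozenset({
    "b06b126b9e26af03a7ef2f8b8e90d446",
    "783b4019fc5b942a29846132d28441c8fc31bed8",
    "fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142",
})
IOC_DOMAIN = "m-kosche.com"
WATCHED_ACTION = "actions-cool/issues-helper"

_SHA40 = re.compile(r"^[0-9a-f]{40}$")
_USES = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.M)


def find_scoped_packages(lock_text: str, scope: str = "@antv") -> list[tuple[str, str]]:
    """Return sorted (name, version) for lockfile entries under `scope`.

    Handles lockfileVersion 2/3 ("packages" keyed by node_modules path,
    including nested node_modules) and lockfileVersion 1 ("dependencies").
    """
    lock = json.loads(lock_text)
    found = set()
    for path, meta in lock.get("packages", {}).items():
        name = path.rsplit("node_modules/", 1)[-1]
        if name.startswith(scope + "/"):
            found.add((name, meta.get("version", "?")))
    for name, meta in lock.get("dependencies", {}).items():
        if name.startswith(scope + "/"):
            found.add((name, meta.get("version", "?")))
    return sorted(found)


def find_action_refs(workflow_text: str, action: str = WATCHED_ACTION) -> list[tuple[str, bool]]:
    """Return (full ref, pinned_to_sha) for every `uses:` of `action`.

    A tag such as @v3 can be re-pointed by whoever controls the action's
    repository; a 40-hex commit SHA cannot be swapped silently.
    """
    refs = []
    for ref in _USES.findall(workflow_text):
        ref = ref.strip("'\"")
        repo, _, version = ref.partition("@")
        if repo == action:
            refs.append((ref, bool(_SHA40.match(version))))
    return refs


def hash_bytes(data: bytes) -> dict[str, str]:
    """Digest `data` with the three algorithms the IoC list uses."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ("md5", "sha1", "sha256")}


def hash_matches(paths, ioc_hashes=IOC_HASHES) -> list[tuple[str, str]]:
    """Return (path, digest) for every file whose MD5/SHA-1/SHA-256 is an IoC."""
    hits = []
    for p in map(Path, paths):
        for digest in hash_bytes(p.read_bytes()).values():
            if digest in ioc_hashes:
                hits.append((str(p), digest))
    return hits


def mentions_ioc_domain(text: str) -> bool:
    """True if the domain from the pulse appears in `text` (a script, lockfile, log)."""
    return IOC_DOMAIN in text


# Constructed samples: a lockfile with one @antv package (version made up for the
# example) and a workflow that pins the watched action by a mutable tag.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo"},
        "node_modules/@antv/g2": {"version": "5.2.0"},
        "node_modules/lodash": {"version": "4.17.21"},
    },
})
SAMPLE_WORKFLOW = """\
on: [issues]
jobs:
  triage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions-cool/issues-helper@v3
        with:
          actions: 'add-labels'
"""

if __name__ == "__main__":
    print("scoped packages:", find_scoped_packages(SAMPLE_LOCK))
    print("action refs (ref, pinned to SHA):", find_action_refs(SAMPLE_WORKFLOW))
```

Point `find_scoped_packages` at the real `package-lock.json`, `find_action_refs` at each file under `.github/workflows/`, and `hash_matches` at anything unexpected in `node_modules`, `~/.bun`, or the VSCode extensions directory. A `False` in the second column of the action output means the workflow will pick up whatever the tag points to on the next run.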
Technical Details
- Author: AlienVault
- TLP: white
- References: https://www.wiz.io/blog/mini-shai-hulud-teampcp-hits-antv-supply-chain
- Adversary: TeamPCP
- Pulse ID: 6a0c5b666ccb232590e33087
- Threat Score: not set
Threat ID: 6a0f3a01e1370fbb4820d0b7
Added to database: 5/21/2026, 4:59:45 PM
Last enriched: 5/21/2026, 5:14:59 PM
Last updated: 5/21/2026, 6:30:45 PM