Malicious versions of Nx and some supporting plugins were published
26 points by hoistbypetard
The laziest possible exploit.
This is my worst nightmare. I run so much JavaScript written by who knows who and secured by hopes & dreams, as a necessity to do my job. It’s time I sorted out some kind of sandboxing.
https://news.ycombinator.com/item?id=45041798 gave a simple example of a bubblewrap-based wrapper that works for npm, yarn, etc.
Didn’t know what Nx was. Went looking at their repo/readme.
“AI-first build platform”
Color me entirely unsurprised. GenAI crowd failing at security is nothing new.
Edit: oh my god it’s even worse. It was a prompt injection attack, they just ask whatever LLM the user is using with Nx to steal everything.
I thought there was some “play stupid games, win stupid prizes” energy to the whole thing.
The main thing that led me to submit this primary source advisory was the fact that it was initially submitted as a blog post by another AI-type company that makes tools to help detect/prevent this sort of thing. And in their blog post (which was 65% advertisement, 35% advisory, IMO), that AI company advised that you should check to see if you had installed the malicious version by executing it and looking at the output.
The “script” (LLM prompt) in the appendix is frightening.
I hadn’t actually considered getting infected with a sloppy virus (even if people using LLMs to write viruses is obvious). Now I’m even more afraid of the havoc a vibecoder “script kiddie” could cause…
I’ll take solace in being on NixOS and the corpus of #!/bin/bash shebangs likely making LLMs generate scripts that just don’t start up (/bin/bash doesn’t exist, proper portable shebang is #!/usr/bin/env bash).
But this script was using the portable version.
The prompt was fairly short; the JavaScript did all the heavy lifting of sending the files to somewhere else.
Yeah, ’cause it’s JS; if it generated a shell script I think the result would likely be different.
Anyways my security is not based on /bin/bash not existing so I’ll be mostly fine :)