Hackers Compromise Popular Open-Source Packages in Ongoing Supply Chain Attack

Hackers have compromised dozens of popular Open-Source Packages in a new wave of supply chain attacks targeting software developers around the world.

The attack is serious because open-source packages are used inside countless apps, websites, developer tools, and business systems. When attackers compromise a trusted package, they can push malicious updates that may reach many downstream users before anyone notices.

Cybersecurity firms StepSecurity and SafeDep warned about the latest wave of attacks, which involved hackers taking over developer accounts and releasing malicious package versions designed to steal sensitive credentials.

What Happened?

According to SafeDep, hackers took over one developer’s account and released more than 630 malicious versions across 317 packages in about 20 minutes.

The goal of the attack was to steal credentials for different services, including password managers. That makes the attack especially dangerous because stolen credentials can help hackers access more systems, steal more data, and continue spreading malware.

This type of attack is known as a software supply chain attack. Instead of attacking every company directly, hackers target the tools and code that developers already trust.

What Is a Supply Chain Attack?

A supply chain attack happens when hackers compromise a trusted third-party tool, package, library, or vendor used by other developers or companies.

In simple words, attackers do not always break into a company from the front door. Sometimes, they poison the software that company already depends on.

For example, if a developer installs an infected open-source package, the malicious code may run inside their project or development environment. From there, attackers may try to steal passwords, tokens, cloud keys, or other sensitive information.

Why Open-Source Packages Are a Big Target

Open-source software is used everywhere. Developers rely on packages and libraries to save time instead of writing every piece of code from scratch.

That convenience is powerful, but it also creates risk. If a popular package is compromised, the damage can spread quickly.

Many developers automatically update packages or trust popular libraries because they have been safe in the past. Hackers understand this trust and try to abuse it.

Which Packages Were Affected?

One of the compromised packages mentioned in the report is AntV, a library made by Alibaba. In some cases, hackers also published malicious updates on GitHub, according to security researchers.

The attack affected many packages, but the larger concern is not only one library. The bigger issue is that attackers are continuing to target Open-source packages maintainers and developer accounts.

Also read;

2027 Toyota Tundra TRD Hammer Could Be the Raptor Rival Truck Fans Wanted

X Likes Tab Removed 2026: What Actually Happened?

16 Easy Trader Joe’s Dinner Ideas for Busy Weeknights

2015 Mitsubishi Lancer Evolution Final Edition Hits Auction With Just 722 Miles

What Is Mini Shai-Hulud?

Researchers have connected this wave of attacks to a wider campaign called Mini Shai-Hulud.

The name comes from an earlier, larger hacking campaign. This latest version appears to be a smaller but still serious continuation of that activity.

Last week, another wave of Mini Shai-Hulud attacks reportedly compromised the computers of two OpenAI employees after attackers hacked the open-source library TanStack. OpenAI was one of several victims.

Why This Attack Is Dangerous

This attack is dangerous because it targets the foundation of modern software development.

Most apps today depend on third-party packages. These packages can handle design components, charts, authentication, testing, data processing, and many other tasks. If one of those packages becomes malicious, developers may unknowingly bring harmful code into their own systems.

The risk becomes even bigger when the malware tries to steal credentials. Stolen credentials can give attackers access to:

• GitHub accounts
• Cloud services
• Password managers
• API keys
• Developer systems
• Company infrastructure
• Private code repositories

Once attackers get access to these systems, they may be able to move deeper into an organization.

Why Developers Should Be Concerned

Developers should take this seriously because supply chain attacks can spread very quickly.

In this case, hundreds of malicious package versions were released in a very short time. That speed makes it hard for security teams to react before some users are affected.

Even experienced developers can be caught by this kind of attack because the malicious code comes through tools they already trust.

What Developers Should Do Now

Developers and security teams should review their package usage and check whether any affected packages were installed or updated recently.

Useful safety steps include:

• Review recent package updates
• Check dependency lock files
• Rotate exposed credentials
• Audit GitHub tokens and API keys
• Review CI/CD pipeline access
• Scan projects for suspicious package versions
• Avoid blindly updating dependencies
• Use package security monitoring tools
• Enable multi-factor authentication on developer accounts
• Limit token permissions wherever possible

If a developer installed a suspicious package version, rotating credentials should be a priority.

Why Password Managers Were Mentioned

The report says the malware aimed to steal credentials for different services, including password managers.

That is especially concerning because password managers often store access to many accounts in one place. If attackers can steal password manager data or related session credentials, they may gain access to a much larger set of accounts.

This does not mean every password manager user is affected. But it does show why credential theft is one of the most dangerous goals in a supply chain attack.

The Bigger Problem With Open-Source Security

Open-source software powers much of the internet, but many projects are maintained by small teams or individual developers.

That creates a security challenge. A package may be used by thousands of companies, but it may still depend on one maintainer’s account security.

If attackers compromise that account, they may be able to publish malicious updates that appear legitimate.

This is why Open-source packages security now requires more than just trusting a package name. Developers need stronger verification, safer update habits, and better monitoring.

Conclusion

The latest Open-Source Packages supply chain attack shows how quickly trusted software can become a security risk when hackers compromise developer accounts.

With more than 630 malicious versions released across 317 packages in about 20 minutes, the attack highlights how fast these campaigns can spread. The goal was to steal credentials and continue expanding the malware’s reach, making it a serious warning for developers and companies that depend on Open-Source Packages.

Open-source tools are still essential, but this incident is a reminder that software teams must treat dependency security as a core part of cybersecurity.

Source