GitHub Confirms Breach of 4,000 Repositories Through Malicious VSCode Extension
What Happened?
The compromise originated from a trojanised build of the Nx Console extension, published as nrwl.angular-console version 18.95.0. Nx Console is used with Visual Studio Code, Cursor and the JetBrains IDEs and had accumulated more than 2.2 million installations. The malicious version was live on the Visual Studio Marketplace for only 18 minutes, from 12:30 p.m. to 12:48 p.m. UTC on 18 May 2026, yet that window was long enough for the credential-stealing payload to reach users whose editors installed or updated to the extension during it.
The malicious extension harvested sensitive information from:
• 1Password vaults
• Anthropic Claude Code configurations
• GitHub authentication tokens
• npm credentials
• Amazon Web Services (AWS) credentials
GitHub confirmed that the affected endpoint, an employee's device on which the extension had been installed, was isolated immediately after detection and that incident response procedures were initiated without delay.
GitHub's Official Response
In an official statement, GitHub confirmed there is currently no evidence suggesting customer repositories hosted outside GitHub's internal environment were impacted. However, the company acknowledged that some internal repositories may contain limited customer-related information, such as excerpts from support interactions. GitHub has stated that impacted customers would be notified through established incident response channels if any additional exposure is identified.
The company has emphasised its commitment to transparency throughout the incident and continues to monitor infrastructure for any follow-on activity.

Threat Actor Claims
The cybercriminal group known as TeamPCP has reportedly claimed responsibility for the breach on the Breached cybercrime forum, asserting that it holds GitHub source code and approximately 4,000 private repositories and demanding at least US$50,000 for the stolen data.
TeamPCP has previously been linked to several high-profile software supply chain attacks targeting:
• GitHub
• Docker
• OpenAI ecosystems
• npm and PyPI package repositories
The group has also been associated with the 'Mini Shai-Hulud' supply chain campaign, which reportedly affected multiple developers and technology organisations.

Indicators of Compromise (IOCs) and Recommended Actions
The Nx team has advised users to immediately update Nx Console to version 18.100.0 or later.
Users may have been affected if:
• Nx Console version 18.95.0 was installed, or pulled in by the editor's automatic extension update, during the exposure window on 18 May 2026
• The following files are present on systems:
~/.local/share/kitty/cat.py
~/Library/LaunchAgents/com.user.kitty-monitor.plist
/var/tmp/.gh_update_state
/tmp/kitty-*.hg
• Suspicious Python processes are running
• Processes containing __DAEMONIZED=1 in their environment variables are detected
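The following POSIX shell script turns the indicators above into a repeatable host check. It is an added example written for this article, not tooling published by Nx, GitHub or CyLynk. The file paths and the two process indicators are the ones the advisory lists; the function names, the `ps` invocations used to obtain a process listing with environment variables, and the check for a leftover VS Code extension directory (`~/.vscode/extensions/nrwl.angular-console-18.95.0*`) are assumptions made for the example.

```shell
#!/bin/sh
# Added IOC triage script for the trojanised Nx Console 18.95.0 build. This is an
# illustrative example written for this article, not tooling published by Nx,
# GitHub or CyLynk. It only checks for the artefacts the advisory names, so a
# clean result is not proof that a host was never compromised.

# Hypothetical helper: scan a process listing (one line per process holding the
# PID, the command line and, where the platform shows it, the environment) for
# the two process-level IOCs. Reads stdin; returns 0 when nothing matched.
scan_proc_list() {
    hits=0
    while IFS= read -r line; do
        case "$line" in
            *__DAEMONIZED=1*)       echo "IOC process (env):     $line"; hits=$((hits + 1)) ;;
            *python*kitty/cat.py*)  echo "IOC process (command): $line"; hits=$((hits + 1)) ;;
        esac
    done
    [ "$hits" -eq 0 ]
}

# Hypothetical helper: check the file-system IOCs. The first argument is a root
# prefix so the same check can run against a mounted disk image or a staging
# directory; the second is the user's home path below that root. Returns 0 when
# no artefact is present.
scan_files() {
    root="${1:-}"
    home_dir="${2:-$HOME}"
    hits=0
    for p in \
        "$root$home_dir/.local/share/kitty/cat.py" \
        "$root$home_dir/Library/LaunchAgents/com.user.kitty-monitor.plist" \
        "$root/var/tmp/.gh_update_state" \
        "$root"/tmp/kitty-*.hg \
        "$root$home_dir"/.vscode/extensions/nrwl.angular-console-18.95.0*   # assumed VS Code layout; Cursor/JetBrains differ
    do
        if [ -e "$p" ]; then
            echo "IOC file: $p"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -eq 0 ]
}

# Live-host entry point: `sh nx_ioc_check.sh --live`. `ps eww -o pid,args` is the
# Linux (procps) spelling that appends each process's environment to its command
# line; on macOS use `ps -E -o pid,command` instead (assumed platform commands).
if [ "${1:-}" = "--live" ]; then
    status=0
    scan_files "" "$HOME" || status=1
    ps eww -o pid,args 2>/dev/null | scan_proc_list || status=1
    [ "$status" -eq 0 ] && echo "No published IOCs found (this does not prove the host is clean)."
    exit "$status"
fi
```

Run it as the developer whose editor had the extension installed, since the paths are relative to that user's home. A non-zero exit means at least one indicator matched; preserve the flagged files and process details for the incident responder before terminating anything, because the artefacts are the evidence of what ran and for how long.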
Affected users are strongly advised to:
• Terminate suspicious processes immediately
• Remove malicious artefacts from affected systems
• Rotate every credential the extension could have read: GitHub tokens, npm tokens, AWS access keys, secrets held in 1Password, Anthropic Claude Code credentials, and SSH keys
• Review cloud access logs and repository activity
• Enable multi-factor authentication (MFA) where applicable
Why This Attack Matters and CyLynk's Advisory
This incident demonstrates how rapidly a software supply chain attack can spread, even within an extremely short exposure window. Developers and organisations often place implicit trust in plugins, extensions, and third-party packages used in daily workflows — and attackers are increasingly exploiting this trust to access highly sensitive environments, credentials, and source code repositories.
The attack reinforces the growing importance of:
• Continuous monitoring of developer environments
• Strict extension and package validation
• Endpoint detection and response (EDR) solutions
• Credential hygiene and secret management
• Zero-trust security practices
To remain protected against similar compromises, organisations are strongly advised to:
• Install extensions only from trusted and verified publishers
• Regularly audit installed IDE plugins and development tools
• Implement least-privilege access controls across repositories and cloud platforms
• Continuously monitor endpoints for unusual behaviour and unauthorised processes
• Rotate credentials regularly and immediately after suspected compromise
• Deploy endpoint protection and security monitoring solutions across developer environments
• Conduct periodic software supply chain security assessments