Malicious nx Packages on npm: Credential Theft and System Shutdown
Multiple versions of the npm package 'nx' (including 21.5.0, 20.9.0, etc.) were maliciously compromised. An attacker used a stolen npm token to publish packages containing code that scans the user's file system, collects credentials (GitHub, system passwords, etc.), and uploads this information to a GitHub repository under the user's account. The malicious code also modifies the user's `.zshrc` and `.bashrc` files to execute `sudo shutdown -h 0` upon terminal launch, potentially shutting down the system. Affected users should immediately update their 'nx' package to the latest version and check their GitHub for compromised repositories. Nx has removed the malicious packages and implemented enhanced security measures, including mandatory 2FA and the new Trusted Publisher mechanism for all npm packages.