{"id":5770,"date":"2025-11-12T11:58:15","date_gmt":"2025-11-12T11:58:15","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=5770"},"modified":"2025-11-12T11:58:15","modified_gmt":"2025-11-12T11:58:15","slug":"malicious-npm-package-sneaks-into-github-actions-builds","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=5770","title":{"rendered":"Malicious npm package sneaks into GitHub Actions builds"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>A malicious npm package named \u201c@acitons\/artifact\u201d was found impersonating the legitimate \u201c@actions\/artifact\u201d module, directly targeting the CI\/CD pipelines within GitHub Actions workflows.<\/p>\n<p>According to Veracode findings, the package was uploaded on November 7 and was designed to trigger during the build process of GitHub-owned repositories. Once executed inside a CI\/CD runner, the payload captures any tokens available to that build environment and then uses those credentials to publish malicious artifacts\u2013effectively impersonating GitHub itself.<\/p>\n<p>\u201cThis incident isn\u2019t just about a malicious npm package, it is about the blind trust many organizations place in the modern supply chain,\u201d said Randolph Barr, CISO at Cequence Security. \u201cMost organizations focus their controls on runtime environments, yet the CI\/CD pipeline often runs with higher privilege than any developer. A single typosquatted dependency can silently execute code during a build, access repository tokens, and impersonate an organization, just as this attack attempted to do with GitHub\u2019s own repositories.\u201c<\/p>\n<p>The malicious package picked up over 260k downloads before detection, and a total of six versions were uploaded\u2013none detectable by \u201cany popular anti-virus\u201d products, Veracode researchers noted in a blog post.<\/p>\n<p>GitHub says that the packages were uploaded internally as part of its red teaming efforts. \u201cThe packages referenced in Veracode\u2019s blog were part of a tightly controlled exercise conducted by GitHub\u2019s Red Team,\u201d a GitHub spokesperson told CSO. \u201cGitHub takes security seriously and regularly tests its security posture through rigorous, realistic Red Team exercises to ensure resilience against current threat actor techniques. At no point were GitHub systems or data at risk.\u201d<\/p>\n<h2 class=\"wp-block-heading\"><a><\/a>Hijacking the GitHub Actions build process<\/h2>\n<p>On the surface, @acitons\/artifact package looked normal with its metadata describing it as \u201cactions artifact lib,\u201d and its homepage and repository URLs closely mirroring those of the legitimate GitHub project. But embedded inside was a post-install hook that downloaded and executed an obfuscated shell script named \u201charness.\u201d<\/p>\n<p>Veracode\u2019s <a href=\"https:\/\/www.veracode.com\/blog\/malicious-npm-package-targeting-github-actions\/\" target=\"_blank\" rel=\"noopener\">analysis<\/a> showed that this script, compiled with a shell-script compiler tool, contained a time-based kill switch set to deactivate after November 6, 2025\u2013likely to evade detection after a brief active window. Once invoked, the harness would fetch a JavaScript file (\u201cverify.js\u201d meant to check whether the build environment belonged to GitHub and, if so, exfiltrate <a href=\"https:\/\/www.csoonline.com\/article\/4052826\/ghostaction-campaign-steals-3325-secrets-in-github-supply-chain-attack.html\">GitHub Action<\/a> tokens. These tokens could then be misused to impersonate GitHub and publish malicious releases.<\/p>\n<p>\u201cTyposquatting is a well-known and growing threat vector in software supply chains whereby attackers publish packages with similar names as legitimate ones and then wait for a mistake to happen, bringing the victim to their repository to install malicious code by mistake,\u201d explained Boris Cipot, Senior Security Engineer at Black Duck. \u201cThis attack strategy is designed to exploit typos and to leverage the automated nature of CI\/CD pipelines.\u201d<\/p>\n<p>Cipot added that the use of a <a href=\"https:\/\/www.csoonline.com\/article\/4081790\/typo-hackers-sneak-cross-platform-credential-stealer-into-10-npm-packages.html?utm=hybrid_search#:~:text=npm%20postinstall%20script\">post-install hook<\/a> and a short-lived obfuscated payload shows a deliberate attempt to blend in with normal build activity.<\/p>\n<h2 class=\"wp-block-heading\">Lessons in defense<\/h2>\n<p>Barr pointed out that higher privileges in CI\/CD pipelines make them an ideal target. Attackers who compromise a build runner can inject code at the source, sign releases with legitimate credentials, or push authentic-looking artifacts.<\/p>\n<p>Mitigations, Cipot recommended, would include short-lived, scoped tokens with regular secret rotations. Automated scanning for suspicious packages using tools like Socket.dev or Phylum might also help stay ahead of the threat. Other ways to verify package authenticity include checksum validation and emerging standards like <a href=\"https:\/\/www.csoonline.com\/article\/572893\/sigstore-explained-how-it-helps-secure-the-software-supply-chain.html\">Sigstore<\/a>, he added. <\/p>\n<p>Jason Soroko, senior fellow at Sectigo, advises an immediate response for teams potentially affected. \u201cSearch source code, lockfiles, caches, and registries for @acitons and 8jfiesaf83 then quarantine any runners that fetched them,\u201d he said. \u201cRotate all tokens and review artifacts and package publish history for the period from October 29 to November 6, 2025.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>A malicious npm package named \u201c@acitons\/artifact\u201d was found impersonating the legitimate \u201c@actions\/artifact\u201d module, directly targeting the CI\/CD pipelines within GitHub Actions workflows. According to Veracode findings, the package was uploaded on November 7 and was designed to trigger during the build process of GitHub-owned repositories. Once executed inside a CI\/CD runner, the payload captures any [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":5767,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-5770","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5770"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5770"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/5770\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/5767"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}