Nx compromised: malware uses Claude code CLI to explore the filesystem
At least 1.4k people are learning today that they have a new repository prefixed by s1ngularity-repository in their GitHub account. This repository was created by a malicious post-install command executed by the install of the nx build kit. That malware steals wallets and API keys (`.npmrc`, env variables, etc.) and pushes them in that repository in the results.b64 file. Interestingly, the malware checks for the presence of Claude Code CLI or Gemini CLI on the system to offload much of the fingerprintable code to a prompt.Ongoing Security Alert: Investigation and remediation continues as new information becomes available. Check back for updates. Official advisory from nx. Last updated 2025-08-27 12:00 UTCTL;DR What You Should Do NowAre you impacted?Check your Github organization for…
