Scale and timing: what the defenders reported
Multiple security teams — JFrog, SafeDep, Socket, and StepSecurity — say as many as 144 npm packages in the Mastra namespace ("@mastra/*") were compromised in a supply chain campaign codenamed easy-day-js. The attack unfolded across two days: an npm user named "sergey2016" published an initial, clean copy of a library named "easy-day-js" on June 16, 2026 at 7:05 a.m. UTC, and malicious changes were introduced the next day on June 17, 2026 at 1:01 a.m. UTC. Socket reported that the "ehindero" account mass-published more than 140 malicious packages on June 17 in a short window.
The malicious library and multi-stage payload
The compromised packages did not carry their own malicious code; instead, the attackers added a dependency named "easy-day-js" to each package. That library contains an obfuscated payload that npm runs automatically at install time through a postinstall lifecycle script, so a plain "npm install" of an affected version is enough to trigger it. According to the reporting, the postinstall dropper disables TLS certificate validation, retrieves a second-stage payload from attacker-controlled infrastructure at "23.254.164[.]92", launches that payload as a detached background process, and then erases traces of the loader.
The final stage is a cross-platform information stealer capable of harvesting browser history, extracting stored data from more than 160 cryptocurrency wallet browser extensions, installing persistence across Windows, macOS, and Linux, and exfiltrating collected data to the command-and-control server at "23.254.164[.]123". SafeDep characterized "easy-day-js" as a clone of the "dayjs" date library that downloads and runs a cryptocurrency-stealing remote access trojan.
How the packages were pushed and why provenance mattered
Investigators say the campaign succeeded because the attackers hijacked the "ehindero" npm account, described as belonging to a legitimate former Mastra contributor whose publish access to the scope was never revoked. Mastra's normal releases, the reporting notes, are published from continuous integration (CI) systems using npm's trusted publisher flow and carry SLSA provenance attestations. The attacker instead published the malicious versions with a personal npm token, a path that produces no provenance attestations, so every malicious version shipped without them.
SafeDep observed the same fingerprint across the compromised scope and drew the conclusion that matters: Mastra generated provenance on CI publishes but never required it, so a standard npm token could still publish versions that carried no attestations at all. As the advisory explains, "A signature-verifying install (npm audit signatures, or a policy that requires attestations) would have rejected every package in this wave." Npm has since removed the malicious versions from the highest-profile packages and reverted their "latest" tag.
Operational risk: installs, CI runners, and reach of @mastra/core
Socket highlighted the potential blast radius by noting that the affected packages include @mastra/core, which receives more than 918K weekly npm downloads. Because the payload executes during installation (npm runs lifecycle scripts by default unless an install is run with --ignore-scripts), a system can be compromised before developers ever import or run the package code. The reporting warns that "any workstation, CI runner, or build environment that installed the affected versions should be treated as potentially compromised."
Recommended immediate actions cited in the advisory include rolling back to a safe version, rotating any credentials, and auditing hosts for artifacts linked to the campaign.
What this means for technologists, package maintainers, and enterprises
- Technologists and security teams: treat installs of compromised versions as potential compromises, roll back to verified releases, rotate credentials, and search for the described artifacts and persistence mechanisms on affected hosts.
- Package maintainers: the incident underlines the risk of unrevoked scope access and the importance of enforcing CI-originated provenance; the report notes Mastra generated but did not require SLSA attestations, and the attacker used a personal token that bypassed those attestations.
- Enterprises and procurement leaders: prioritize policies that enforce signature-verifying installs (for example, "npm audit signatures" or equivalent policies requiring attestations) since, per SafeDep, such policies "would have rejected every package in this wave."
The easy-day-js incident is a blunt reminder that supply chain trust can be undermined not by new zero-days in source code but by the misuse of credentials and gaps in publishing policy. Npm's removal of the malicious versions and the reversion of tags address the immediate distribution vector, but the campaign's reliance on a legacy contributor token and the lack of enforced provenance raise concrete questions about token hygiene and deployment-time verification. For any organization that pulled packages from the Mastra scope on or after June 16–17, the practical next steps are already specified in the advisory: roll back, rotate, and audit, and then consider making signature verification mandatory.
Original reporting: https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html