Microsoft reports that the North Korean group Sapphire Sleet conducted a supply chain attack affecting over 140 NPM packages linked to the Mastra open-source framework on June 17. The attackers used a compromised maintainer account to introduce a malicious dependency, 'easy-day-js', masquerading as a legitimate library. The malicious package executed harmful payloads during installation, potentially exposing developer environments on Windows, macOS, and Linux systems.
Users who downloaded the affected packages, which had approximately 8 million weekly downloads, are advised to take immediate action to secure their systems, including removing the malicious versions and rotating sensitive credentials.