A major supply chain attack, known as the Mastra attack, has impacted the JavaScript ecosystem, compromising over 140 npm packages. In the attack, an otherwise clean Mastra package pulls in a malicious typosquatted dependency named 'easy-day-js'. The malware hides in a postinstall hook that runs automatically during npm installation, disables TLS certificate validation, and downloads a second-stage infostealer.
The infostealer captures browser history and data from over 160 cryptocurrency wallet extensions and works across Windows, macOS, and Linux. Socket, the security firm that discovered the attack, blocked the malicious package shortly after its release, prompting users to remove compromised versions and secure their tokens and credentials.
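The two behaviours described above (an install-time lifecycle hook and code that turns off TLS certificate checking) are both visible in a package's shipped files before anything runs. The following is an added example, not code from the article, from Mastra or from Socket: a small audit that walks a set of installed npm packages and flags install hooks, TLS-disabling source, and direct dependencies on a blocklisted name. The blocklist, the package manifests and the file contents are constructed samples; the only real name is 'easy-day-js', the typosquat named in the article.

```javascript
'use strict';
// Added example (not the article's, Mastra's or Socket's code): audit a set of
// installed npm packages for (1) install-time lifecycle scripts, (2) source that
// disables TLS certificate validation, (3) dependencies on a blocklisted name.

// npm runs these scripts automatically during `npm install`.
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Common ways a Node.js program switches certificate checking off.
const TLS_DISABLE_PATTERNS = [
  /NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['"]?0/,
  /rejectUnauthorized\s*:\s*false/,
];

// Names the organisation refuses to install. Assumption: maintained out of band;
// here it holds only the typosquat named in the article.
const BLOCKLIST = new Set(['easy-day-js']);

// pkg = { manifest: <parsed package.json>, files: { 'relative/path.js': '<source>' } }
function auditPackage(pkg) {
  const { manifest, files = {} } = pkg;
  const findings = [];
  const scripts = manifest.scripts || {};

  // 1. Any install-time hook executes arbitrary code on the installing machine.
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) {
      findings.push({ package: manifest.name, kind: 'install-hook', hook, command: scripts[hook] });
    }
  }

  // 2. Scan shipped sources, plus the hook command lines themselves, for TLS-disabling code.
  const sources = { ...files };
  for (const hook of INSTALL_HOOKS) {
    if (scripts[hook]) sources[`scripts.${hook}`] = scripts[hook];
  }
  for (const [file, src] of Object.entries(sources)) {
    if (TLS_DISABLE_PATTERNS.some((re) => re.test(src))) {
      findings.push({ package: manifest.name, kind: 'tls-disabled', file });
    }
  }

  // 3. Direct dependencies on a blocklisted name (optional deps included,
  //    since they are still fetched and installed by default).
  const deps = { ...(manifest.dependencies || {}), ...(manifest.optionalDependencies || {}) };
  for (const dep of Object.keys(deps)) {
    if (BLOCKLIST.has(dep)) {
      findings.push({ package: manifest.name, kind: 'blocklisted-dependency', dependency: dep });
    }
  }
  return findings;
}

// Audit every package in a tree and return the combined findings.
function auditTree(packages) {
  return packages.flatMap(auditPackage);
}

// Constructed sample tree: one benign package, one consumer that depends on the
// typosquat, and the typosquat itself with a postinstall hook.
const SAMPLE_TREE = [
  {
    manifest: { name: 'pad-example', version: '1.0.0', scripts: { test: 'node test.js' } },
    files: { 'index.js': 'module.exports = (s, n) => s.padStart(n);' },
  },
  {
    manifest: { name: 'my-app', version: '0.1.0', dependencies: { 'easy-day-js': '^1.0.0' } },
    files: {},
  },
  {
    manifest: { name: 'easy-day-js', version: '1.0.0', scripts: { postinstall: 'node setup.js' } },
    files: {
      'setup.js':
        "process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';\n" +
        '// constructed sample: the article describes a second-stage download at this point; omitted here',
    },
  },
];

// Expected: three findings (install-hook, tls-disabled, blocklisted-dependency).
const SAMPLE_FINDINGS = auditTree(SAMPLE_TREE);
for (const f of SAMPLE_FINDINGS) console.log(JSON.stringify(f));
```

In practice the `files` map would be read from each `node_modules/<name>/` directory in CI, and the audit is a complement to, not a replacement for, the blanket control of installing with `npm install --ignore-scripts` (or `npm config set ignore-scripts true`) so that lifecycle hooks never run on developer machines or build agents.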