Microsoft has attributed a recent supply chain attack against Mastra, an open-source AI application development framework, to North Korean hackers, specifically a group known as Sapphire Sleet. The attackers breached an npm maintainer account and published compromised versions of over 140 packages. These versions included a malicious dependency called easy-day-js, which disabled TLS certificate verification and communicated with a command-and-control server to deliver malware targeting cryptocurrency wallets.
Researchers noted that the malware is designed to steal information from various wallet browser extensions. Microsoft recommends reviewing affected package usage and checking for the presence of the malicious dependency to mitigate risks.
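
One way to run the dependency check recommended above, as an added example (not code from Microsoft or the Mastra project): a Node.js function that scans a parsed package-lock.json for easy-day-js and reports where it is installed and which package requires it. The sample lockfiles, the other package names and all versions are constructed.

```javascript
// Added example: the dependency name comes from the page; everything else is constructed.
const BAD_DEP = "easy-day-js";

// Scan a parsed package-lock.json and list where `bad` is installed or required.
function findBadDependency(lock, bad = BAD_DEP) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Aliased installs carry an explicit "name"; otherwise take it from the path.
    const name = meta.name || path.split("node_modules/").pop();
    if (name === bad) hits.push({ kind: "installed", where: path, version: meta.version });
    for (const field of ["dependencies", "optionalDependencies", "peerDependencies"]) {
      if (meta[field] && bad in meta[field]) {
        hits.push({ kind: "required-by", where: path || "(root project)", range: meta[field][bad] });
      }
    }
  }
  // lockfileVersion 1: nested "dependencies" tree with "requires" edges.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = [...trail, name].join(" > ");
      if (name === bad) hits.push({ kind: "installed", where, version: meta.version });
      if (meta.requires && bad in meta.requires) {
        hits.push({ kind: "required-by", where, range: meta.requires[bad] });
      }
      walk(meta.dependencies, [...trail, name]);
    }
  };
  // v2 files mirror the tree for old clients; skip it there to avoid duplicates.
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfiles (hypothetical package names and versions).
const SAMPLE_V3 = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", dependencies: { "example-framework-pkg": "^1.0.0" } },
  "node_modules/example-framework-pkg": { version: "1.0.1", dependencies: { "easy-day-js": "^0.0.1" } },
  "node_modules/easy-day-js": { version: "0.0.1" },
  "node_modules/example-clean-pkg": { version: "2.0.0" },
} };
const SAMPLE_V1 = { lockfileVersion: 1, dependencies: {
  "example-framework-pkg": { version: "1.0.1", requires: { "easy-day-js": "^0.0.1" },
    dependencies: { "easy-day-js": { version: "0.0.1" } } },
} };

for (const sample of [SAMPLE_V3, SAMPLE_V1]) console.log(findBadDependency(sample));
```

To scan a real project, pass the result of `JSON.parse` on the contents of its package-lock.json to `findBadDependency`; a "required-by" hit names the package to review even when the dependency itself is no longer installed.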