CYBER SYRUP
Delivering the sweetest insights on cybersecurity.
Major Supply Chain Attack Hits Toptal GitHub and Open-Source Ecosystem

In a troubling example of a software supply chain attack, unknown threat actors successfully compromised the GitHub organization of Toptal, a popular freelancing platform. The attackers used their access to publish 10 malicious packages to the npm registry, each embedded with destructive payloads.
What Happened?
According to a report from security firm Socket, the attackers inserted identical malicious scripts into the package.json files of the compromised Node.js libraries. These scripts were designed to:
- Exfiltrate GitHub authentication tokens via a remote webhook endpoint.
- Delete all files and directories from the victim's system using rm -rf and similar commands on both Linux and Windows systems.
The malware was embedded in the preinstall and postinstall lifecycle hooks of the packages, so it executed during installation without any user interaction. Before their removal, the packages were downloaded roughly 5,000 times.
Affected Packages:
@toptal/picasso-tailwind
@toptal/picasso-charts
@toptal/picasso-shared
@toptal/picasso-provider
@toptal/picasso-select
@toptal/picasso-quote
@toptal/picasso-forms
@xene/core
@toptal/picasso-utils
@toptal/picasso-typograph
Additional Supply Chain Threats
Coinciding with the Toptal breach, researchers uncovered a separate set of malicious packages targeting both npm and PyPI (Python Package Index). These packages acted as spyware, capable of:
Keystroke logging
Screen and webcam capture
System information theft
This was achieved using libraries like pyautogui, pag, and pygame.camera. Data exfiltration was handled via Gmail SMTP, Slack webhooks, and AWS Lambda endpoints.
Other Affected Packages:
dpsdatahub (npm) – 5,869 downloads
nodejs-backpack (npm) – 830 downloads
m0m0x01d (npm) – 37,847 downloads
vfunctions (PyPI) – 12,033 downloads
Amazon Q Extension Also Targeted
In a separate but related incident, the Amazon Q extension for Visual Studio Code was compromised. A malicious commit by a hacker under the alias “ghost” was merged into the project, inserting a command that instructed the AI assistant to wipe the user's filesystem and AWS resources.
Amazon responded by revoking credentials, removing the rogue code, and releasing version 1.85.0 of the extension. No production systems were impacted.
Lessons Learned
These incidents highlight the growing threat of software supply chain attacks, especially in open-source ecosystems. Developers and organizations are encouraged to:
Use two-factor authentication on code hosting platforms.
Review install scripts and GitHub commits.
Monitor packages for unexpected behavior or code changes.
By increasing visibility and vigilance across the development lifecycle, stakeholders can better defend against these evolving threats.