Cybersecurity researchers have identified a malicious npm package, “@acitons/artifact”, that mimics GitHub’s legitimate “@actions/artifact” library. The goal appears to be the compromise of GitHub-owned repositories through build process manipulation and credential theft. This discovery highlights the growing threat of typosquatting attacks within open-source ecosystems that target trusted supply chains.
Discovery and attacker intent
According to Veracode, the package was likely created to execute during a build of an official GitHub repository. When triggered, it would attempt to steal authentication tokens from the build environment and use them to publish new malicious artifacts under GitHub’s name. This suggests the attacker aimed to exploit GitHub’s trust within the developer community to spread additional malware.
The malicious package, uploaded by a user named “blakesdev”, contained six harmful versions (4.0.12 through 4.0.17). These included a post-install hook that fetched and executed a secondary payload. The latest public version, however, is 4.0.10, which does not include the malicious code, implying that the attacker removed the compromised versions after detection.
Distribution and download statistics
The package was first uploaded on October 29, 2025, and quickly gained traction, accumulating 31,398 weekly downloads and a total of 47,405 downloads. Such numbers indicate how easily malicious packages can spread unnoticed in widely used ecosystems like npm.
Veracode also uncovered another suspicious package named “8jfiesaf83”, which demonstrated similar behavior. Though now removed, it reportedly accumulated 1,016 downloads before deletion.
Technical analysis of the payload
An inspection of one of the infected package versions revealed that its postinstall script downloaded a binary called “harness” from a deleted GitHub account. The binary itself was an obfuscated shell script programmed to stop executing after November 6, 2025 (UTC), possibly to limit exposure once the campaign ended or to avoid detection over time.
The binary also executed a JavaScript file named “verify.js”, which scanned for GITHUB_ environment variables. These variables typically appear in GitHub Actions workflows and may include sensitive data like access tokens, repository names, and workflow secrets.
Once identified, the script exfiltrated the stolen data in encrypted form to a text file hosted on “app.github[.]dev”, GitHub’s developer subdomain.
Targeting scope and motives
Veracode emphasized that the malware’s configuration made it specifically target repositories owned by GitHub, rather than a broad set of users. This deliberate targeting implies a supply chain espionage attempt or credential harvesting operation focused on GitHub’s internal or testing environments.
Interestingly, the campaign also referenced a user named “y8793hfiuashfjksdhfjsk”, an account that exists but shows no public activity. Researchers believe it might have been a testing account for the attacker’s operations, potentially used to simulate GitHub repositories before the actual attack.
Broader implications and supply chain risk
This incident once again exposes how open-source registries like npm remain vulnerable to typosquatting and dependency hijacking. By slightly altering the name of a legitimate package, attackers can deceive automated systems or developers who mistype dependencies. If unnoticed, such packages can infiltrate trusted software pipelines and compromise sensitive build infrastructure.
The campaign’s focus on GitHub’s repositories underscores the strategic potential of such attacks, where compromising one trusted entity could enable widespread downstream infections.
