Vulnerability  ·  2026-06-23

North Korea (Sapphire Sleet) Backdoors 141 Mastra AI npm Packages — Cross-Platform Infostealer via Postinstall Hook

Vulnerability · High impact · Global
On June 17, 2026, North Korean state-sponsored threat actor Sapphire Sleet (BlueNoroff/APT38) compromised the dormant npm maintainer account 'ehindero' — which retained publish rights across the entire @mastra scope — and in an 88-minute window published malicious updates to 141 Mastra AI framework packages. Each package had a typosquatted dependency 'easy-day-js' (mimicking the legitimate dayjs library) injected into package.json. When installed, a postinstall hook ran an obfuscated dropper that disabled TLS verification, beaconed to attacker C2, and downloaded a second-stage cross-platform infostealer targeting Windows, Linux, and macOS. The stealer harvested 166 cryptocurrency wallet browser extensions, browser history, credentials, API keys, and authentication tokens, with OS-specific persistence (Registry Run keys / LaunchAgents / systemd). Microsoft attributed with high confidence on 2026-06-19; BleepingComputer reported on 2026-06-20; SecurityWeek confirmed attribution on 2026-06-22.
Mastra is a popular JavaScript framework for building AI agents. The attack hit the full @mastra npm scope — over 1.1 million combined weekly downloads. Any developer or CI/CD pipeline running npm install during the exposure window silently executed nation-state malware, potentially handing Sapphire Sleet LLM API keys, cloud credentials, and cryptocurrency wallets. This is the second Sapphire Sleet npm supply-chain attack in 2026 (after the Axios compromise in April), confirming a sustained campaign targeting the AI/developer ecosystem.
npm install of any @mastra package during the 88-minute compromise window automatically executed the malicious postinstall hook via the injected easy-day-js dependency.
@mastra npm scope — 141 packages, all versions published 2026-06-17 during the compromise window
Audit npm install logs for @mastra packages installed on 2026-06-17 between ~01:07–02:39 UTC. Rotate all credentials (API keys, cloud tokens, crypto wallet seeds) on any affected machine. Update to clean @mastra package versions. Review: https://www.bleepingcomputer.com/news/security/microsoft-links-mastra-ai-supply-chain-attack-to-north-korean-hackers/ and https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/
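The audit step above can be partly automated against a project's lockfile. The following Node.js script is an added example and is not code from the advisory, Microsoft, or the Mastra project: it walks a package-lock.json (lockfileVersion 2 or 3) for the indicators the advisory describes (an @mastra package that depends on the typosquatted 'easy-day-js', the typosquat itself being present, and any package that npm recorded as carrying an install script), and checks a registry packument's publish timestamp against the stated ~01:07–02:39 UTC window. The sample lockfile, the package name '@mastra/core', and every version string are constructed placeholders, not real published versions.

```javascript
// Added example, not code from the advisory, Microsoft, or the Mastra project.
// Audits a package-lock.json (lockfileVersion 2 or 3) for the indicators the
// advisory describes and checks registry publish times against the window.

const TYPOSQUAT = 'easy-day-js';   // typosquat of dayjs named in the advisory
const TARGET_SCOPE = '@mastra/';    // compromised npm scope
// Compromise window from the advisory (~01:07-02:39 UTC on 2026-06-17).
const WINDOW_START = Date.parse('2026-06-17T01:07:00Z');
const WINDOW_END = Date.parse('2026-06-17T02:39:00Z');

// Derive the package name from a lockfile install path, e.g.
// "node_modules/@mastra/core/node_modules/easy-day-js" -> "easy-day-js".
function nameFromPath(path, meta) {
  if (meta && meta.name) return meta.name;
  const marker = 'node_modules/';
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? path : path.slice(idx + marker.length);
}

// Returns a list of findings; an empty list means no indicator matched.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // the root project entry
    const name = nameFromPath(path, meta);
    const deps = Object.assign({}, meta.dependencies, meta.optionalDependencies);

    if (name.startsWith(TARGET_SCOPE) &&
        Object.prototype.hasOwnProperty.call(deps, TYPOSQUAT)) {
      findings.push({ type: 'typosquat-dependency', package: name, version: meta.version, path });
    }
    if (name === TYPOSQUAT) {
      findings.push({ type: 'typosquat-present', package: name, version: meta.version, path });
    }
    // npm 7+ sets hasInstallScript for packages with preinstall/install/postinstall scripts.
    if (meta.hasInstallScript === true) {
      findings.push({ type: 'install-script', package: name, version: meta.version, path });
    }
  }
  return findings;
}

// A registry packument (the JSON the registry serves for a package name) carries a
// "time" map of version -> ISO publish timestamp. Report whether the given version
// was published inside the compromise window; unknown versions are not flagged.
function publishedInWindow(packument, version) {
  const stamp = packument && packument.time && packument.time[version];
  if (!stamp) return false;
  const t = Date.parse(stamp);
  return t >= WINDOW_START && t <= WINDOW_END;
}

// Constructed sample lockfile: the package set and all version strings are
// placeholders for illustration, not real published versions.
const SAMPLE_LOCK = {
  name: 'agent-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'agent-app', dependencies: { '@mastra/core': '*' } },
    'node_modules/@mastra/core': {
      version: '0.0.0-constructed',
      dependencies: { 'easy-day-js': '*' }, // the injected dependency
    },
    'node_modules/easy-day-js': { version: '0.0.0-constructed', hasInstallScript: true },
    'node_modules/dayjs': { version: '0.0.0-constructed' }, // the legitimate library
  },
};

function main() {
  for (const f of auditLockfile(SAMPLE_LOCK)) {
    console.log(`${f.type}: ${f.package}@${f.version} (${f.path})`);
  }
}
main();
```

To run it against a real project, replace SAMPLE_LOCK with the parsed contents of the project's package-lock.json; for the publish-time check, fetch the packument for each @mastra package from the registry and pass the installed version. The install-script finding is deliberately broad, since many legitimate packages have install scripts; it is a triage list, not a verdict. Separately, running CI installs with `npm ci --ignore-scripts` stops lifecycle scripts from executing at install time, which is the stage this campaign relied on.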
Sources
BleepingComputer — Microsoft links Mastra AI supply chain attack to North Korean hackers
SecurityWeek — North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
Microsoft Security Blog — Postinstall payload inside Mastra npm supply chain compromise