A sophisticated supply chain attack has targeted the Mastra-AI npm ecosystem, with researchers from Microsoft and Socket identifying over 141 compromised packages designed to silently deploy an infostealer payload on developer machines, CI/CD runners, and build environments. The campaign, detected on June 17, 2026, exploited a typosquatting dependency to deliver multi-stage malware capable of stealing cryptocurrency wallet data, browser history, and sensitive credentials.
How the Attack Was Executed
Between 01:15 and 02:36 UTC on June 17, a single npm account identified as ehindero mass-published malicious versions of 141 @mastra/* packages in a tight two-hour window. Critically, the compromised package code itself was byte-for-byte identical to legitimate builds — the only change was a single injected dependency in each manifest:
"easy-day-js": "^1.11.21"
easy-day-js is a deliberate typosquat of the popular dayjs library, published the day prior by a separate account. Version 1.11.21 appeared as a clean copy of dayjs to establish a benign history. Version 1.11.22, however, added a weaponized postinstall hook running node setup.cjs — executing the malicious payload automatically during npm install, before any developer imports or uses the package.
The affected packages include @mastra/core, which receives over 918,000 weekly npm downloads, giving this campaign a substantial potential blast radius.
Two-Stage Malware Architecture
Stage 1 — The Loader (setup.cjs): Obfuscated using obfuscator.io, the loader disables TLS certificate verification, writes tracking files to fingerprint the victim machine, fetches a second-stage payload from a remote C2 IP, and spawns it as a detached background process. The loader then self-deletes to eliminate forensic traces.
Stage 2 — The Implant (protocal.cjs): A ~41 KB cross-platform Node.js tasking client that installs login persistence across all major operating systems — a Windows Registry Run key (NvmProtocal), a macOS LaunchAgent (com.nvm.protocal.plist), and a Linux systemd user unit (nvmconf.service). All mechanisms are disguised as legitimate Node.js tooling.
Built-in collection capabilities include:
- Inventorying 166 cryptocurrency wallet browser extensions (MetaMask, Phantom, Coinbase Wallet, Binance Wallet, TronLink, and others)
- Exfiltrating Chrome, Edge, and Brave browser history via Node’s built-in SQLite module
- Host reconnaissance including running processes and installed applications
Who Is Affected?
Any developer or CI/CD system that ran npm install on an affected @mastra/* version between June 17’s publish window and the packages’ removal should be treated as potentially compromised. The breadth of the Mastra ecosystem — spanning AI agent frameworks, tools, and integrations — means the affected codebases span startups to enterprise development teams.
Immediate Mitigation Steps
- Run npm ls easy-day-js immediately to check for exposure in your project tree
- Remove affected versions and pin to mastra@1.13.0 using lockfiles
- Remove persistence artifacts manually from all affected platforms (Windows Registry, macOS LaunchAgent, Linux systemd)
- Rotate all credentials that may have been present in the installation environment — npm tokens, GitHub tokens, cloud provider keys, and CI/CD secrets
- For high-value cryptocurrency wallets, migrate funds to a new wallet generated from a fresh seed phrase on a clean device
Hardening Your Pipeline Going Forward
Organizations should run npm install --ignore-scripts by default in CI pipelines, enforce lockfiles, implement package cooldown periods for newly published versions, and monitor for outbound connections to raw IP addresses during build processes. This attack demonstrates that even packages with millions of weekly downloads can be weaponized in hours through invisible dependency injection — making supply chain vigilance a non-negotiable part of modern DevSecOps.
Source: Cyber Security News — June 17, 2026