Cybersecurity researchers have uncovered a malicious npm package named “@acitons/artifact” that employed typosquatting to mimic the legitimate “@actions/artifact” package, specifically aiming at repositories owned by GitHub. Researchers believed the intention was to execute a script during the build process of a GitHub-owned repository. This script was designed to steal tokens available within the build environment and then use those tokens to publish new, harmful artifacts, effectively impersonating GitHub.
The security company Veracode reported observing six versions of the malicious package, ranging from 4.0.12 to 4.0.17. These versions incorporated a post-install hook designed to download and execute malware. It is worth noting that the latest version currently available for download on npm is 4.0.10, which suggests that the threat actor, identified as “blakesdev,” subsequently removed the harmful versions.
The package was initially uploaded on October 29, 2025, and rapidly gained traction, accumulating 31,398 weekly downloads and a total of 47,405 downloads overall, according to npm-stat data. In addition to this main package, Veracode identified a second npm package, “8jfiesaf83,” that exhibited similar malicious functionality. Although this package is no longer available for download, it appears to have been downloaded 1,016 times before its removal.
Further investigation into one of the malicious versions revealed that the post-install script was configured to download a binary file named “harness” from a now-deleted GitHub account. This binary was an obfuscated shell script that included a time-based execution check, preventing it from running if the current time was after 2025-11-06 UTC. The script was also set to run a JavaScript file, “verify.js,” which checked for the presence of specific GITHUB_ variables associated with GitHub Actions workflows. Any collected data was then exfiltrated in an encrypted format to a text file hosted on the “app.github[.]dev” subdomain.
Veracode concluded that the malware was exclusively targeting repositories owned by the GitHub organization, making it a highly targeted attack against the company. However, in a subsequent statement, a GitHub spokesperson clarified that the identified packages were actually part of a “tightly controlled exercise” conducted by GitHub’s internal Red Team. The spokesperson emphasized that GitHub regularly tests its security posture through realistic Red Team simulations to ensure resilience, and stated that “at no point were GitHub systems or data at risk.”
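The two traits described above, a scoped name one character swap away from a trusted package and a lifecycle install hook, are both visible in an installed package's manifest. The following is an added defensive check, not code from Veracode or GitHub: it scores a package name against an assumed allow-list of trusted packages using an edit distance that counts adjacent transpositions, and flags any preinstall/install/postinstall script. The sample manifest is constructed; the package name and version come from the article, the script command is a placeholder.

```python
import json

# Packages a build is expected to depend on (assumed allow-list; adjust for your repo).
TRUSTED = {"@actions/artifact", "@actions/core", "@actions/github"}
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent
    transposition, so 'acitons' vs 'actions' scores 1 (one swapped pair)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def audit_package_manifest(manifest_text: str, trusted=TRUSTED, max_dist: int = 2) -> list:
    """Return findings for one installed package's package.json: a name that is a
    near-miss of a trusted package, and any lifecycle install script (the hook
    the article says was used to fetch and run the payload)."""
    manifest = json.loads(manifest_text)
    name = manifest.get("name", "")
    findings = []
    if name not in trusted:
        for t in sorted(trusted):
            dist = osa_distance(name, t)
            if dist <= max_dist:
                findings.append(f"typosquat-candidate: {name!r} is {dist} edit(s) from {t!r}")
                break
    for hook in INSTALL_HOOKS:
        cmd = manifest.get("scripts", {}).get(hook)
        if cmd:
            findings.append(f"install-script: {hook} runs {cmd!r}")
    return findings

# Constructed sample manifest: name and version as reported in the article,
# the postinstall command is a made-up placeholder.
SAMPLE_MANIFEST = json.dumps({
    "name": "@acitons/artifact",
    "version": "4.0.12",
    "scripts": {"postinstall": "node ./PLACEHOLDER-downloader.js"},
})
```

Run `audit_package_manifest(open("node_modules/<pkg>/package.json").read())` for each installed package to surface both findings before a build consumes the dependency.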