Mastra NPM supply-chain incident traced to malicious dependency targeting crypto
Source headline: North Korean Hackers Blamed for Mastra NPM Supply Chain Attack
Intelligence Summary
A supply-chain compromise affecting Mastra packages has been linked to North Korean threat activity. The attackers added a malicious dependency to more than 140 Mastra NPM packages. When installed, the dependency delivers a payload designed to target cryptocurrency-related browser extensions. This could enable unauthorized code execution on developer or user systems during dependency installation. The incident highlights the risk of poisoned dependencies and the need to audit and pin NPM package versions. Users should review installed Mastra package versions and watch for indicators of suspicious extension or script behavior.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.
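
One way to carry out the version review and pinning check described in the summary, as an added example that is not from Mastra or the original report: it reads a parsed `package.json` and `package-lock.json` (lockfile v2/v3 layout), lists installed Mastra packages, flags unpinned ranges, and reports which of them declare a given dependency. The `mastra` / `@mastra/` name match, the sample manifests and the dependency name are assumptions and constructed placeholders; the summary does not name the malicious dependency.

```javascript
// Added example. SUSPECT_DEP is a placeholder, not a real indicator; replace it
// with the dependency name from the vendor advisory.
const SUSPECT_DEP = "placeholder-suspect-dependency";
// Assumption: Mastra packages are published as "mastra" or under the "@mastra/" scope.
const isMastra = (name) => name === "mastra" || name.startsWith("@mastra/");
// An exact pin is a bare semver version: no ^, ~, ranges, tags or wildcards.
const isExactPin = (spec) => /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(spec);
// Lockfile v2/v3 keys look like "node_modules/a/node_modules/@scope/b".
const nameFromLockPath = (p) =>
  p.slice(p.lastIndexOf("node_modules/") + "node_modules/".length);

function auditMastra(packageJson, lockfile, suspectDep) {
  const findings = { unpinned: [], installed: [], pullsSuspect: [] };
  // 1. Direct dependencies declared with a range can float to a newer release.
  const direct = { ...packageJson.dependencies, ...packageJson.devDependencies };
  for (const [name, spec] of Object.entries(direct)) {
    if (isMastra(name) && !isExactPin(spec)) findings.unpinned.push(`${name}@${spec}`);
  }
  // 2. The lockfile records what was actually resolved, including transitive copies.
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (!path.includes("node_modules/")) continue; // skip the root project entry ""
    const name = nameFromLockPath(path);
    if (!isMastra(name)) continue;
    findings.installed.push(`${name}@${entry.version}`);
    const deps = { ...entry.dependencies, ...entry.optionalDependencies };
    if (suspectDep in deps) findings.pullsSuspect.push(`${name}@${entry.version}`);
  }
  return findings;
}

// Constructed sample manifests (package names' versions are invented for the demo).
const samplePackageJson = {
  dependencies: { "@mastra/core": "^1.2.0", "mastra": "1.0.3", "express": "^4.19.2" },
};
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app" },
    "node_modules/@mastra/core": { version: "1.2.4", dependencies: { [SUSPECT_DEP]: "^0.0.1" } },
    "node_modules/mastra": { version: "1.0.3", dependencies: { "@mastra/core": "^1.2.0" } },
    "node_modules/express": { version: "4.19.2" },
  },
};
console.log(JSON.stringify(auditMastra(samplePackageJson, sampleLock, SUSPECT_DEP), null, 2));
```

Any entry under `pullsSuspect` means the dependency was declared by an installed package, so that host should be treated as having run the install-time payload rather than only upgraded.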