Microsoft Links Mastra AI npm Supply Chain Attack to North Korean Sapphire Sleet Hackers
Microsoft has attributed the Mastra AI npm supply chain attack to the North Korean threat group Sapphire Sleet (BlueNoroff), according to BleepingComputer.
Attackers compromised more than 140 npm packages in the Mastra AI ecosystem, distributing malware that stole credentials, cryptocurrency wallet data, and development secrets.
Attack Started With a Compromised npm Maintainer Account
Microsoft says the attackers gained access to the npm maintainer account ehindero, which had publishing privileges for the @mastra package scope.
They then pushed malicious updates to more than 140 npm packages. The updates included easy-day-js, a typosquatted package impersonating the legitimate dayjs library.
The package contained malicious code that executed when developers installed or updated affected packages.
Malware Downloaded Additional Payloads
The malicious dependency launched a post-installation script that disabled TLS certificate verification, connected to attacker-controlled servers, downloaded a second-stage payload, and executed it.
The second-stage malware was a cross-platform information stealer for Windows, Linux, and macOS.
Researchers found it collected host and system information, browser history and stored browser data, installed applications, running processes, stored credentials and passwords, API keys and authentication tokens, and cryptocurrency wallet data.
Cryptocurrency Wallets Were a Primary Target
Microsoft found the malware checked for 166 cryptocurrency wallet browser extensions, including MetaMask, Phantom, Coinbase Wallet, Binance Wallet, and TronLink.
The targeting aligns with Sapphire Sleet’s history of attacking cryptocurrency platforms, exchanges, developers, and digital asset holders.
Persistence Techniques Varied by Operating System
The malware employed different persistence mechanisms based on the victim’s operating system to ensure it remained active after installation.
On Windows systems, it created Registry Run keys that allowed the malicious code to execute automatically whenever the device started.
For macOS users, the malware established LaunchAgents to launch its components during login, while on Linux systems it installed malicious systemd services designed to restart the malware and maintain long-term access across system reboots.
Additional Post-Compromise Activity
Microsoft observed additional activity linked to Sapphire Sleet, including the deployment of a PowerShell backdoor, the creation of Microsoft Defender exclusions, the use of additional persistence mechanisms, and the installation of a malicious Windows service running with SYSTEM privileges.
Microsoft said the same PowerShell backdoor, command-and-control infrastructure, and techniques appeared in previous Sapphire Sleet campaigns.
Microsoft Connects Attack to Previous Sapphire Sleet Operations
Sapphire Sleet is a North Korean hacking group known for targeting financial institutions and cryptocurrency organizations.
Microsoft also attributed an npm supply chain compromise involving the Axios HTTP client in April 2026 to the group.
The findings indicate Sapphire Sleet is continuing to target open-source software ecosystems and developer environments.
npm Security Improvements Are Underway
The incident highlights the risk of software supply chain attacks that abuse trusted packages to distribute malware.
GitHub is developing npm v12, which is expected to include security improvements for package integrity and developer protection.