144 Mastra npm Packages Compromised via Hijacked Contributor Account App Security

“This makes the Mastra ecosystem an exceptionally high-value target for supply chain attackers.” The “easy-day-js” package launches an obfuscated payload that’s fired during a postinstall hook, which acts as a dropper or loader for a second-stage payload retrieved from attacker-controlled infrastructure (“23.254.164[.]92”) after disabling TLS certificate validation. As many as 144 npm packages associated with the Mastra namespace (“@mastra/*”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, SafeDep, Socket, and StepSecurity.

The Security Issue

The final stage is a cross-platform information stealer that can harvest browser history, store data from over 160 cryptocurrency wallet browser extensions, install persistence across Windows, macOS, and Linux, and exfiltrate the captured information to a command-and-control (C2) server (“23.254.164[.]123”).

Further details indicate that “Because Mastra sits at the intersection of AI development and cloud infrastructure, its packages are routinely installed in environments that hold some of the most sensitive credentials in modern software development,” StepSecurity said.

This campaign shows how a small dependency change can become an install-time compromise across a large package ecosystem.” The attackers behind the campaign are said to have hijacked the “ehindero” account, a legitimate former Mastra contributor whose scope access was never revoked.

“Mastra ships its real releases from CI through npm’s trusted publisher flow, and each one carries SLSA provenance attestations,” SafeDep said.

”), a popular open-source JavaScript and TypeScript framework for building artificial intelligence (AI) applications, have been compromised as part of a software supply chain attack codenamed easy-day-js, per findings from Endor Labs, JFrog, SafeDep, Socket, and StepSecurity. ”, Spokesperson

Risk to Applications

“Even if the first-stage package is removed after installation, the second-stage process may continue running and may have already installed persistence. Npm has since pulled the malicious versions from the highest-profile packages and reverted their latest tag. “The attacker pushed the malicious versions from a personal token and dropped the provenance.” “The same fingerprint repeats across the whole scope.

A signature-verifying install (npm audit signatures, or a policy that requires attestations) would have rejected every package in this wave.” Any workstation, CI runner, or build environment that installed the affected versions should be treated as potentially compromised.

“The affected packages include @mastra/core, which receives more than 918K weekly npm downloads, giving this campaign a large potential blast radius,” Socket said.

Fix Recommendations

1. It’s advised to roll back to a safe version, rotate any credentials, and audit the hosts for any artifacts linked to the campaign.

Analysis

Organizations should review their exposure and apply available mitigations promptly.

Security teams should monitor vendor advisories and threat intelligence sources closely for additional context or updates. Organizations with mature security programs are advised to incorporate this intelligence into their regular risk assessments and prioritize response activities based on exposure and asset criticality. For environments where immediate remediation is not feasible, compensating controls such as network segmentation, enhanced monitoring, and access restrictions should be evaluated. Security leadership should communicate relevant details to operational teams and ensure that incident response capabilities are prepared if exploitation is observed in the wild.