Critical NPM Supply Chain Attack Spreads as Self-Propagating Worm Through Binding.gyp Exploits
Key Takeaways
- Malicious binding.gyp file executes arbitrary code during npm install/update via node-gyp's source expansion step
- Attack harvests CI/CD credentials and self-injects into GitHub Actions workflows to propagate across connected repositories
- Affects AI SDK packages and other open-source projects, spreading horizontally through the development ecosystem
Summary
A dangerous supply chain attack targeting NPM packages uses a malicious binding.gyp file to spread like a worm, harvesting CI/CD credentials and injecting itself into GitHub Actions workflows. The attack, discovered by StepSecurity's threat intelligence team, affects packages including AI SDKs like ai-sdk-ollama and spreads through a multi-stage payload: when developers run npm install or npm update, node-gyp's build process executes a malicious index.js that downloads the Bun runtime and exfiltrates secrets from the runner environment.
The worm's self-propagating mechanism is particularly dangerous—by injecting itself into GitHub Actions workflow files, it spreads to connected repositories and CI/CD pipelines, enabling horizontal movement across the development ecosystem. The attack represents a critical vulnerability in the npm supply chain, affecting not just Ollama SDK users but potentially any developer using compromised packages.
Security teams are investigating the full scope of affected packages and have published detailed kill chains, indicators of compromise (IOCs), and recovery procedures. Organizations should immediately audit their GitHub Actions logs for unauthorized modifications, rotate exposed credentials, and verify the integrity of their dependencies.
- StepSecurity provides complete analysis, IOCs, kill chain documentation, and recovery steps for affected maintainers and users
Editorial Opinion
This attack exposes a critical blind spot in open-source supply chain security—the implicit trust in build tools and dependencies. The self-propagating worm mechanism is particularly alarming, as it can spread from a single compromised package to dozens of downstream projects. Organizations urgently need stronger controls over build process execution and GitHub Actions workflows, along with better visibility into which dependencies execute code during installation.



