
North Korean Hackers Blamed for Mastra NPM Supply Chain Attack

North Korean APT Sapphire Sleet poisoned 140+ Mastra NPM packages with a malicious 'easy-day-js' dependency to target developer environments and CI/CD pipelines. The malware harvests system data and targets 160+ cryptocurrency browser extensions across all major OSes. Any developer or organization using Mastra packages in the past 45 minutes is at immediate risk of compromise.

CRITICAL | Advisory | Jun 22, 2026
Action required
Immediately audit npm dependencies for 'easy-day-js' and any recently updated Mastra packages. Remove compromised versions, rotate all credentials (git, cloud, crypto wallets), and scan developer machines and CI/CD runners for cryptocurrency extension theft and lateral movement artifacts.
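
One way to run the dependency audit above over an npm lockfile, as an added example that is not part of the original advisory. It handles both the flat `packages` map (lockfileVersion 2/3) and the nested `dependencies` tree (lockfileVersion 1); only the name 'easy-day-js' comes from the advisory, and every other package name and version in the sample is a constructed placeholder.

```javascript
// Added example. Only the name 'easy-day-js' comes from the advisory.
const FLAGGED = 'easy-day-js';
const DEP_FIELDS = ['dependencies', 'optionalDependencies', 'peerDependencies', 'devDependencies'];
const has = (obj, key) => obj != null && Object.prototype.hasOwnProperty.call(obj, key);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function nameFromPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? path : path.slice(i + 'node_modules/'.length);
}

// Returns one record per installed copy of `flagged` and per package that declares it.
function findFlagged(lock, flagged = FLAGGED) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path ('' is the root project).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const where = path || '(root project)';
    // meta.name is set for aliased installs; otherwise derive the name from the path.
    if ((meta.name || nameFromPath(path)) === flagged) {
      hits.push({ kind: 'installed', where, version: meta.version });
    }
    for (const field of DEP_FIELDS) {
      if (has(meta[field], flagged)) {
        hits.push({ kind: 'declared-by', where, version: meta.version, range: meta[field][flagged] });
      }
    }
  }
  // lockfileVersion 1: nested tree (skipped when "packages" exists, to avoid duplicates).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = [...trail, name].join(' > ');
      if (name === flagged) hits.push({ kind: 'installed', where, version: meta.version });
      if (has(meta.requires, flagged)) {
        hits.push({ kind: 'declared-by', where, version: meta.version, range: meta.requires[flagged] });
      }
      walk(meta.dependencies, [...trail, name]);
    }
  };
  if (!lock.packages) walk(lock.dependencies, []);
  return hits;
}

// Constructed sample lockfile; names and versions other than 'easy-day-js' are placeholders.
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-app', version: '1.0.0', dependencies: { '@example/agent-kit': '^2.0.0' } },
  'node_modules/@example/agent-kit': { version: '2.0.1', dependencies: { 'easy-day-js': '^1.0.0' } },
  'node_modules/easy-day-js': { version: '1.0.3' },
  'node_modules/dayjs': { version: '1.11.10' }, // similar name, must not match
} };
console.log(findFlagged(sampleLock));
```

To scan a real project, pass the parsed contents of its `package-lock.json` to `findFlagged`; the `declared-by` records identify which parent packages pulled the dependency in and therefore which versions to remove.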