Mastra AI npm scope takeover via `easy-day-js` typosquat dropper
On 2026-06-17 between ~01:12 and 02:36 UTC, the dormant ehindero contributor account — never revoked from the @mastra scope — was used to mass-publish ~144 trojanised @mastra/* releases plus mastra and create-mastra, each declaring a new easy-day-js dependency whose postinstall hook drops a cross-platform crypto-wallet stealer / RAT. Microsoft attributes the activity to Sapphire Sleet (BlueNoroff) with high confidence; combined exposure ~1.1M weekly downloads.
- Threat actor
- Sapphire Sleet (BlueNoroff)
- Detected by
- Socket · Microsoft · JFrog · Snyk · StepSecurity · Mend · Aikido · Phoenix Security · SafeDep · OX Security · Endor Labs
- Also known as
- easy-day-js campaign · Mastra scope takeover
- Ecosystems
- npm
- Packages tracked
- 17
What happened
Between 01:12 and 02:36 UTC on 2026-06-17 (18:12–19:36 PT 2026-06-16), an attacker logged into the dormant npm account ehindero — a legitimate former Mastra contributor whose owner permissions on the @mastra scope had never been revoked — and mass-published trojanised versions of ~144 packages across the namespace. The account had been inactive for ~16 months and the publish email had been quietly switched from a gmail.com address to a tutamail.com one, consistent with a credential takeover followed by email substitution.
The code inside each @mastra/* tarball was byte-for-byte identical to its clean predecessor save for a single added production dependency: easy-day-js. That package, a dayjs typosquat published a day earlier (2026-06-16 07:05 UTC) by an unrelated account sergey2016, shipped a clean 1.11.21 release as bait, then a weaponised 1.11.22 carrying an obfuscated postinstall hook (setup.cjs). Because every affected @mastra/* package declared the dependency as ^1.11.21, fresh installs resolved to the malicious 1.11.22 and ran the dropper automatically.
The loader disables TLS certificate verification, fetches a second-stage payload from 23.254.164.92:8000/update/49890878, executes it as a detached background process pointing at C2 23.254.164.123:443, then deletes itself. The second stage is a cross-platform information stealer plus remote-access trojan: it harvests browser history and the stored data of >160 cryptocurrency wallet browser extensions (MetaMask, Phantom, Coinbase Wallet, Solflare, OKX, Keplr, ...), installs persistence on Windows / macOS / Linux, and exfiltrates to the operators' C2. Microsoft Threat Intelligence also documents two additional staging domains — teams[.]onweblive[.]org and maskasd[.]com — and publishes SHA-256 hashes for setup.cjs, easy-day-js-1.11.21.tgz, and easy-day-js-1.11.22.tgz for IOC searches.
Mastra discovered the publishes at 20:45 PT, removed ehindero from the scope, unpublished 110 of the 116 newly-published versions, deprecated the remaining six that npm's unpublish window blocked, and forward-rolled clean releases via PR #18056 by 23:57 PT. Combined weekly download exposure across the affected packages exceeds 1.1M; @mastra/core alone receives >918K weekly installs (~4M monthly).
Attribution — Sapphire Sleet (BlueNoroff)
On 2026-06-17 Microsoft Threat Intelligence published a long-form analysis attributing the activity with high confidence to Sapphire Sleet (also tracked as BlueNoroff / UNC1069), a North Korea-nexus actor that primarily targets financial-sector and cryptocurrency firms. The Hostwinds-hosted C2, the clean-then-armed typosquat playbook, the TLS-off / detached-spawn / self-delete postinstall dropper, and the >160-wallet-extension stealer payload all match the Axios npm compromise of 2026-03-31 that Microsoft and Google also attributed to Sapphire Sleet. This is the second wide-scope npm registry takeover Microsoft has tied to the cluster within 2026.
Independent disclosures from Socket, JFrog, Snyk, StepSecurity, Mend, Aikido, Phoenix Security, SafeDep, OX Security, Endor Labs, and Cloudsmith converge on the same package set, IOCs, and account-takeover root cause. The easy-day-js package itself was removed from npm shortly after Socket's automated flag, ~6 minutes after the first malicious publish.
Affected packages (17)
- npm
@mastra/agent-browser0.3.2 - npm
@mastra/auth1.0.3 - npm
@mastra/core1.42.1 - npm
@mastra/evals1.3.1 - npm
@mastra/github-signals0.1.2 - npm
@mastra/loggers1.1.3 - npm
@mastra/mem00.1.14 - npm
@mastra/memory1.20.4 - npm
@mastra/node-audio0.1.8 - npm
@mastra/node-speaker0.1.1 - npm
@mastra/rag2.2.2 - npm
@mastra/react1.0.1 - npm
@mastra/schema-compat1.2.12 - npm
@mastra/voice-playai0.12.2 - npm
create-mastra1.13.1 - npm
easy-day-js1.11.22 - npm
mastra1.13.1
Impact
- Cryptocurrency wallet theft: 160+ browser-extension wallets (MetaMask, Phantom, Coinbase, Solflare, OKX, Keplr) drained on install
- Cross-platform infostealer + RAT with Windows/macOS/Linux persistence
- CI/CD runner compromise:
postinstallruns automatically duringnpm install - Stored secrets and tokens exfiltrated to attacker C2 (
23.254.164.123:443) - Loader disables TLS verification before fetching the second stage
What to do
- 1Run
npm ls easy-day-jsin every project and CI runner — any match indicates execution of the dropper - 2Treat any host that installed an affected
@mastra/*version on or after 2026-06-17 01:12 UTC as compromised; rebuild from a known-good image - 3Pin
mastra@1.13.0,create-mastra@1.13.0,@mastra/core@1.42.0(or the post-incident clean release pushed by Mastra in PR #18056) and reinstall after deletingnode_modulesand the lockfile entries - 4Rotate browser-extension wallet seed phrases, npm tokens, cloud credentials, and any SSH/Git keys accessible from the affected machine
- 5Block egress to
23.254.164.92and23.254.164.123and search proxy/IDS logs for prior contacts - 6Audit npm owner lists for every scope you control and revoke any dormant former-contributor access
References
- Socket140+ Mastra npm Packages Compromised in Coordinated Supply Chain Attacksocket.dev
- MicrosoftFrom package to postinstall payload: Inside the Mastra npm supply chain compromise by Sapphire Sleetmicrosoft.com
- JFrogeasy-day-js: Supply Chain Campaign Targets Mastra npm Packagesresearch.jfrog.com
- SnykA forgotten contributor account compromised the entire Mastra npm package scopesnyk.io
- StepSecurityMastra npm Supply Chain Attack: 140+ Packages Backdoored via easy-day-js Typosquatstepsecurity.io
- MendMastra npm Scope Takeover: 140+ Packages Compromised via easy-day-js Droppermend.io
- The Hacker News144 Mastra npm Packages Compromised via Hijacked Contributor Accountthehackernews.com
- MastraINCIDENT REPORT: 2026-06-16: Mastra hit by supply-chain attack (Issue #18061)github.com
- BleepingComputerMicrosoft links Mastra AI supply-chain attack to North Korean hackersbleepingcomputer.com
- CloudsmithInside the Mastra npm supply-chain attackcloudsmith.com
- KodemMastra npm packages compromised: easy-day-js supply chain attack — IOCs and response runbookkodemsecurity.com
- OX Securityeasy-day-js supply chain attack hits Mastra AI in npmox.security
- Phoenix Securityeasy-day-js Mastra npm supply-chain typosquat RAT (2026)phoenix.security
- Sonatypeeasy-day-js targets Mastra: dependency attacks grow (Sonatype-2026-003926)sonatype.com
- SnykSNYK-JS-EASYDAYJS-17353313: easy-day-js malicious codesecurity.snyk.io