T1528

Steal Application Access Token

discovered 2025-08-27

Abuses npm OIDC Trusted Publishing token exchange to mint package-scoped automation tokens for self-replication; also steals SCM/registry/CI and AI-provider API tokens.

View on MITRE ATT&CK

Seen in packages

npm nxuses
npm @nx/jsuses
npm @ctrl/tinycoloruses
npm @zapier/zapier-sdkuses
npm @asyncapi/specsuses
npm @quick-start-soft/quick-markdown-printuses
npm @quick-start-soft/quick-markdownuses
npm @quick-start-soft/quick-remove-image-backgrounduses
npm @quick-start-soft/quick-git-clean-markdownuses
npm @quick-start-soft/quick-document-translatoruses
npm @quick-start-soft/quick-markdown-imageuses
npm @quick-start-soft/quick-task-refineuses
npm @asyncapi/modelinauses
npm posthog-react-nativeuses
npm posthog-nodeuses
npm @postman/secret-scanner-wasmuses
npm @postman/csv-parseuses
npm @postman/node-keytaruses
npm @postman/tunnel-agentuses
npm @postman/wdio-allure-reporteruses
npm @postman/postman-mcp-cliuses
npm @postman/mcp-ui-clientuses
npm @postman/wdio-junit-reporteruses
npm @postman/pm-bin-macos-arm64uses
npm @postman/pm-bin-linux-x64uses
npm @postman/aether-iconsuses
npm pino-sdk-v2uses
npm axiosuses
npm mgcuses
npm @fairwords/websocketuses
npm @fairwords/loopback-connector-esuses
npm @fairwords/encryptionuses
npm ixpresso-coreuses
npm godsplanuses
npm eyevoxuses
npm @cap-js/sqliteuses
npm @cap-js/postgresuses
npm @cap-js/db-serviceuses
npm mbtuses
pypi pytorch-lightninguses
npm noon-contractsuses
npm @mistralai/mistralai-azureuses
npm @mistralai/mistralai-gcpuses
npm ai-figureuses
npm amapcnuses
npm @antv/a8uses
npm @antv/adjustuses
npm @antv/algorithmuses
npm @antv/async-hookuses
npm @antv/attruses
npm @antv/avauses
npm @antv/ava-reactuses
npm @antv/awardsuses
npm @antv/calendar-heatmapuses
npm @antv/chart-linteruses
npm @antv/chart-node-g6uses
npm @antv/chart-visualization-skillsuses
npm @antv/ckbuses
npm @antv/color-schemauses
npm @antv/color-utiluses
npm @antv/componentuses
npm @antv/coorduses
npm @antv/d3-coloruses
npm @antv/d3-interpolateuses
npm @antv/data-samplesuses
npm @antv/data-setuses
npm @antv/data-wizarduses
npm @antv/dipper-componentuses
npm @antv/dipper-hooksuses
npm @antv/dipper-mapuses
npm @antv/dom-utiluses
npm @antv/dumi-theme-antvuses
npm @antv/dw-analyzeruses
npm @antv/dw-randomuses
npm @antv/dw-transformuses
npm @antv/dw-utiluses
npm @antv/event-emitteruses
npm @antv/expruses
npm @antv/f2uses
npm @antv/f2-algorithmuses
npm @antv/f2-canvasuses
npm @antv/f2-contextuses
npm @antv/f2-graphicuses
npm @antv/f2-myuses
npm @antv/f2-reactuses
npm @antv/f2-siteuses
npm @antv/f2-vueuses
npm @antv/f2-wordclouduses
npm @antv/f2-wxuses
npm @antv/f6uses
npm @antv/f6-alipayuses
npm @antv/f6-coreuses
npm @antv/f6-elementuses
npm @antv/f6-hammerjsuses
npm @antv/f6-pluginuses
npm @antv/f6-uiuses
npm @antv/f6-wxuses
npm @antv/f-chartsuses
npm @antv/f-engineuses
npm @antv/f-lottieuses
npm @antv/f-myuses
npm @antv/f-reactuses
npm @antv/f-test-utilsuses
npm @antv/f-vueuses
npm @antv/f-wxuses
npm @antv/g2uses
npm @antv/g2-brushuses
npm @antv/g2-extension-3duses
npm @antv/g2-extension-avauses
npm @antv/g2-extension-plotuses
npm @antv/g2plotuses
npm @antv/g2plot-schemasuses
npm @antv/g2-plugin-slideruses
npm @antv/g2-ssruses
npm @antv/guses
npm @antv/g6uses
npm @antv/g6-alipayuses
npm @antv/g6-cliuses
npm @antv/g6-coreuses
npm @antv/g6-editoruses
npm @antv/g6-elementuses
npm @antv/g6-extension-3duses
npm @antv/g6-extension-reactuses
npm @antv/g6-mobileuses
npm @antv/g6-pcuses
npm @antv/g6-pluginuses
npm @antv/g6-plugin-map-viewuses
npm @antv/g6-pluginsuses
npm @antv/g6-react-nodeuses
npm @antv/g6-ssruses
npm @antv/g6-wxuses
npm @antv/gatsby-themeuses
npm @antv/g-baseuses
npm @antv/g-camera-apiuses
npm @antv/g-canvasuses
npm @antv/g-canvaskituses
npm @antv/g-compatuses
npm @antv/g-componentsuses
npm @antv/g-css-layout-apiuses
npm @antv/g-css-typed-om-apiuses
npm @antv/g-device-apiuses
npm @antv/g-dom-mutation-observer-apiuses
npm @antv/geo-coorduses
npm @antv/g-gestureuses
npm @antv/gi-assets-advanceuses
npm @antv/gi-assets-algorithmuses
npm @antv/gi-assets-basicuses
npm @antv/gi-assets-galaxybaseuses
npm @antv/gi-assets-graphscopeuses
npm @antv/gi-assets-hugegraphuses
npm @antv/gi-assets-janusgraphuses
npm @antv/gi-assets-neo4juses
npm @antv/gi-assets-sceneuses
npm @antv/gi-assets-tugraphuses
npm @antv/gi-assets-tugraph-analyticsuses
npm @antv/gi-assets-xlabuses
npm @antv/gi-cliuses
npm @antv/gi-common-componentsuses
npm @antv/g-image-exporteruses
npm @antv/gi-mock-datauses
npm @antv/gi-public-datauses
npm @antv/gi-sdkuses
npm @antv/gi-sdk-appuses
npm @antv/gi-theme-antduses
npm @antv/github-config-cliuses
npm @antv/g-layout-blocklikeuses
npm @antv/g-liteuses
npm @antv/gl-matrixuses
npm @antv/g-lottie-playeruses
npm @antv/g-mathuses
npm @antv/g-mobileuses
npm @antv/g-mobile-canvasuses
npm @antv/g-mobile-canvas-elementuses
npm @antv/g-mobile-svguses
npm @antv/g-mobile-webgluses
npm @antv/g-patternuses
npm @antv/g-perfuses
npm @antv/g-plugin-3duses
npm @antv/g-plugin-a11yuses
npm @antv/g-plugin-annotationuses
npm @antv/g-plugin-box2duses
npm @antv/g-plugin-canvaskit-rendereruses
npm @antv/g-plugin-canvas-path-generatoruses
npm @antv/g-plugin-canvas-pickeruses
npm @antv/g-plugin-canvas-rendereruses
npm @antv/g-plugin-controluses
npm @antv/g-plugin-css-selectuses
npm @antv/g-plugin-device-rendereruses
npm @antv/g-plugin-dom-interactionuses
npm @antv/g-plugin-dragndropuses
npm @antv/g-plugin-gestureuses
npm @antv/g-plugin-gpgpuuses
npm @antv/g-plugin-html-rendereruses
npm @antv/g-plugin-image-loaderuses
npm @antv/g-plugin-matterjsuses
npm @antv/g-plugin-mobile-interactionuses
npm @antv/g-plugin-physxuses
npm @antv/g-plugin-rough-canvas-rendereruses
npm @antv/g-plugin-rough-svg-rendereruses
npm @antv/g-plugin-svg-pickeruses
npm @antv/g-plugin-svg-rendereruses
npm @antv/g-plugin-webgl-deviceuses
npm @antv/g-plugin-webgl-rendereruses
npm @antv/g-plugin-webgpu-deviceuses
npm @antv/g-plugin-yogauses
npm @antv/g-plugin-zdog-canvas-rendereruses
npm @antv/g-plugin-zdog-svg-rendereruses
npm @antv/gpt-visuses
npm @antv/gpt-vis-ssruses
npm @antv/graphinuses
npm @antv/graphin-componentsuses
npm @antv/graphin-graphscopeuses
npm @antv/graphin-iconsuses
npm @antv/graphlibuses
npm @antv/g-shader-componentsuses
npm @antv/g-svguses
npm @antv/g-web-animations-apiuses
npm @antv/g-web-componentsuses
npm @antv/g-webgluses
npm @antv/g-webgl-computeuses
npm @antv/g-webgpuuses
npm @antv/g-webgpu-compileruses
npm @antv/g-webgpu-coreuses
npm @antv/g-webgpu-engineuses
npm @antv/g-webgpu-raytraceruses
npm @antv/g-webgpu-unitchartuses
npm @antv/hierarchyuses
npm @antv/infographicuses
npm @antv/insight-componentuses
npm @antv/interactionuses
npm @antv/istanbuluses
npm @antv/knowledgeuses
npm @antv/l7uses
npm @antv/l7-componentuses
npm @antv/l7-composite-layersuses
npm @antv/l7-coreuses
npm @antv/l7-districtuses
npm @antv/l7-drawuses
npm @antv/l7-editoruses
npm @antv/l7-extension-g-layeruses
npm @antv/l7-layersuses
npm @antv/l7-leafletuses
npm @antv/l7-mapuses
npm @antv/l7-mapkituses
npm @antv/l7-mapsuses
npm @antv/l7-miniuses
npm @antv/l7-passuses
npm @antv/l7plotuses
npm @antv/l7plot-componentuses
npm @antv/l7-reactuses
npm @antv/l7-rendereruses
npm @antv/l7-sceneuses
npm @antv/l7-sourceuses
npm @antv/l7-threeuses
npm @antv/l7-utilsuses
npm @antv/larkmapuses
npm @antv/layout-gpuuses
npm @antv/layout-wasmuses
npm @antv/li-aiearth-assetsuses
npm @antv/li-analysis-assetsuses
npm @antv/li-core-assetsuses
npm @antv/li-editoruses
npm @antv/li-p2uses
npm @antv/li-sam-assetsuses
npm @antv/li-sdkuses
npm @antv/lite-insightuses
npm @antv/matrix-utiluses
npm @antv/mcp-server-antvuses
npm @antv/mcp-server-chartuses
npm @antv/my-f2uses
npm @antv/my-f2-pcuses
npm @antv/narrative-text-editoruses
npm @antv/narrative-text-schemauses
npm @antv/narrative-text-visuses
npm @antv/path-utiluses
npm @antv/react-guses
npm @antv/s2uses
npm @antv/s2-reactuses
npm @antv/s2-react-componentsuses
npm @antv/s2-ssruses
npm @antv/s2-vueuses
npm @antv/samuses
npm @antv/scaleuses
npm @antv/semantic-release-pnpmuses
npm @antv/smart-coloruses
npm @antv/statuses
npm @antv/t8uses
npm @antv/thumbnailsuses
npm @antv/thumbnails-componentuses
npm @antv/torchuses
npm @antv/translatoruses
npm @antv/utiluses
npm @antv/vendoruses
npm @antv/vis-predict-engineuses
npm @antv/webgpu-graphuses
npm @antv/word-scale-chartuses
npm @antv/wx-f2uses
npm @antv/x6uses
npm @antv/x6-angular-shapeuses
npm @antv/x6-commonuses
npm @antv/x6-componentsuses
npm @antv/x6-geometryuses
npm @antv/x6-plugin-clipboarduses
npm @antv/x6-plugin-dnduses
npm @antv/x6-plugin-exportuses
npm @antv/x6-plugin-historyuses
npm @antv/x6-plugin-keyboarduses
npm @antv/x6-plugin-minimapuses
npm @antv/x6-plugin-scrolleruses
npm @antv/x6-plugin-selectionuses
npm @antv/x6-plugin-snaplineuses
npm @antv/x6-plugin-stenciluses
npm @antv/x6-plugin-transformuses
npm @antv/x6-reactuses
npm @antv/x6-react-componentsuses
npm @antv/x6-react-shapeuses
npm @antv/x6-vectoruses
npm @antv/x6-vue3-shapeuses
npm @antv/x6-vue-shapeuses
npm @antv/xflowuses
npm @antv/xflow-coreuses
npm @antv/xflow-diffuses
npm @antv/xflow-extensionuses
npm @antv/xflow-hookuses
npm ast-pluginuses
npm babel-plugin-versionuses
npm boring-avatars-vanillauses
npm byte-parseruses
npm canvas-nest.jsuses
npm echarts-for-reactuses
npm filesize.jsuses
npm fixed-rounduses
npm gantt-for-reactuses
npm jest-canvas-mockuses
npm jest-date-mockuses
npm jest-electronuses
npm jest-expectuses
npm jest-less-loaderuses
npm jest-random-mockuses
npm jest-url-loaderuses
npm limit-sizeuses
npm lint-mduses
npm lint-md-cliuses
npm @lint-md/cliuses
npm @lint-md/coreuses
npm @lint-md/parseruses
npm mcp-echartsuses
npm mcp-mermaiduses
npm mizuses
npm onfire.jsuses
npm react-adsenseuses
npm relationship.jsuses
npm ribbon.jsuses
npm size-sensoruses
npm slice.jsuses
npm timeago.jsuses
npm timeago-reactuses
npm uri-parseuses
npm word-widthuses
npm xmorseuses
pypi durabletaskuses
npm @redhat-cloud-services/patch-clientuses
npm weavedb-sdkuses

Campaigns

s1ngularity nx Build System Compromiseattributed-to
Shai-Huludattributed-to
No Specific Campaignattributed-to
fairwords Credential Wormattributed-to
fucktestpad npm Malwareattributed-to
Mini Shai-Huludattributed-to
Miasma: The Spreading Blightattributed-to
IronWormattributed-to