The National Computer Emergency Response Team (NCERT) has issued a high-priority warning about a serious cyberattack targeting widely used software tools. The breach, reported on September 8, 2025, involved hackers breaking into the account of a trusted developer, Josh Junon (known online as qix), and releasing harmful versions of popular software packages.
These packages, including debug, chalk, ansi-styles, and stripansi, are used in thousands of apps and services worldwide, from small websites to large corporate systems. Because they are built deep into other programs, the attack increases the risk of widespread damage.
According to NCERT, the hacked software carried hidden malicious code designed to steal cryptocurrency, capture login details, and expose security keys. Unlike many cyberattacks, users didn’t need to click on anything or open files for this one to work. Simply installing the affected software was enough to trigger the attack.
The advisory rated the incident as “critical,” with a top-level danger score of 9.8 out of 10. At least 18 software packages were confirmed to be compromised within a short period on September 8. Signs of the attack included strange software release patterns and suspicious traffic linked to cryptocurrency wallets.
Organizations that automatically update their software were hit hardest, since the malicious versions slipped into apps without warning. Anyone who installed debug, chalk, ansi-styles, or stripansi around that time was told to assume their systems could be compromised.
NCERT has urged companies and developers to:
- Update to safe versions of all affected software immediately.
- Rebuild and redeploy any applications that may have used the hacked versions.
- Change passwords, security tokens, and other sensitive keys.
- Turn off automatic updates temporarily until systems are secured.
For the long term, NCERT recommended stricter security steps, such as multi-factor authentication for developers, continuous monitoring of app-building systems, and tighter controls over software updates.
The warning ended with a strong call to action: upgrade now, reset sensitive information, and prepare for future attacks of this kind.