The National Computer Emergency Response Team (NCERT) has issued a critical alert following a large-scale cyberattack that compromised widely used software packages. The incident, reported on September 8, 2025, stemmed from hackers breaching the account of trusted developer Josh Junon, known online as “qix,” and releasing infected versions of popular software tools.

Packages including debug, chalk, ansi-styles, and strip-ansi were among those affected. These tools are embedded in thousands of applications and corporate systems worldwide, raising the risk of severe and widespread damage.

Malicious Code Hidden in Popular Tools

According to NCERT, the compromised software carried hidden malware designed to steal cryptocurrency, capture login details, and expose sensitive security keys. Unlike conventional cyberattacks, no user interaction was required. Simply installing the affected packages was enough to activate the malicious code.

The advisory classified the threat as “critical,” with a danger score of 9.8 out of 10. At least 18 packages were confirmed to be compromised within hours of the attack. Unusual release patterns and suspicious traffic linked to cryptocurrency wallets were among the first warning signs.

Organizations that rely on automatic software updates were hit hardest, as malicious versions slipped into their systems without notice. NCERT advised that anyone who installed debug, chalk, ansi-styles, or strip-ansi around the reported date should assume their systems are at risk.

NCERT’s Immediate Recommendations

NCERT urged developers and organizations to act swiftly:

  • Update to safe versions of all compromised packages immediately.
  • Rebuild and redeploy applications that used the infected software.
  • Reset passwords, tokens, and sensitive security keys.
  • Disable automatic updates until systems are fully secured.
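
One way to check a project against the first and last recommendations, as an added example that is not part of the NCERT advisory or the original article: a Node.js script that lists every installed copy of the four named packages in an npm lockfile and flags package.json ranges that allow automatic upgrades. It assumes a lockfile of version 2 or 3 (the "packages" map); the KNOWN_BAD deny-list is a placeholder because the article gives no version numbers, and the sample data is constructed.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) for the advisory's packages.
const WATCHED = ["debug", "chalk", "ansi-styles", "strip-ansi"]; // names as published on npm

// Assumption: the article lists no version numbers, so this deny-list is empty here.
// Fill it from the official advisory, e.g. { chalk: ["<version from advisory>"] }.
const KNOWN_BAD = {};

// "node_modules/a/node_modules/b" -> "b"; scoped names ("@scope/pkg") are kept whole.
function nameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Every installed copy (direct or nested) of a watched package, with its resolved version.
function findInstalled(lock, knownBad = KNOWN_BAD) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const name = nameFromPath(path);
    if (!name || !WATCHED.includes(name)) continue;
    hits.push({ name, version: meta.version, path,
      bad: (knownBad[name] || []).includes(meta.version) });
  }
  return hits;
}

// Watched direct dependencies whose package.json range is not an exact version,
// i.e. a fresh install without a lockfile can pick up a newly published release.
function floatingRanges(manifest) {
  const out = [];
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(manifest[field] || {})) {
      const exact = /^\d+\.\d+\.\d+(-[\w.]+)?$/.test(range);
      if (WATCHED.includes(name) && !exact) out.push({ name, range, field });
    }
  }
  return out;
}

// Constructed sample data (not a real project); all version numbers are made up.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/chalk": { version: "9.9.1" },
  "node_modules/express/node_modules/debug": { version: "9.9.3" },
  "node_modules/@demo/strip-ansi": { version: "9.9.4" }, // scoped lookalike: not matched
} };
const sampleManifest = { dependencies: { chalk: "^9.9.0" }, devDependencies: { debug: "9.9.3" } };
console.log(findInstalled(sampleLock, { debug: ["9.9.3"] }));
console.log(floatingRanges(sampleManifest));
```

Installing with npm ci makes a build use exactly the versions recorded in the lockfile, which covers nested copies that a pinned package.json entry does not.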

For long-term security, NCERT recommended multi-factor authentication for developers, continuous monitoring of software-building systems, and stricter controls over updates.

The advisory concluded with a strong warning: upgrade immediately, reset sensitive information, and strengthen defenses to prevent similar cyberattacks in the future.

By admin