
Hackers infiltrate Toptal's GitHub account, leading to the spread of malicious software by the freelance development company.

Malicious software hidden in more than 5,000 downloads, according to Socket research findings

Unauthorized access to Toptal's GitHub account led to the distribution of malware by the freelance development company.


In a disturbing turn of events, hackers compromised Toptal's GitHub organization account on July 20, 2025, gaining access to 73 private repositories, including the widely used Picasso developer toolbox. The attackers published 10 malicious npm packages under Toptal's name, which were downloaded about 5,000 times before detection.

The malware embedded in these Picasso-related packages, such as @toptal/picasso-tailwind, @toptal/picasso-forms, and @toptal/picasso-typography, relied on two lifecycle scripts declared in the package.json file, which npm runs automatically during installation. The first, a preinstall script, was designed to steal GitHub CLI authentication tokens from developers who installed the infected packages. These tokens were sent to attacker-controlled webhook URLs, potentially allowing further unauthorized access to victims' GitHub accounts.

The second, a postinstall script, was intended to destroy the victim's system by deleting all files. On Linux, it ran a destructive command: , which wipes the entire filesystem. For Windows, a recursive silent deletion command was used to the same end.

Toptal took action to remove the infected repositories and deprecated the malicious package versions by July 23. However, the company did not issue a public statement warning users about the attack or the risk from the infected packages.

Security researchers and platforms such as Socket have emphasized the urgency for developers who downloaded these packages to uninstall the infected versions and revert to previous clean releases to avoid further damage or credential theft.

This breach highlights a significant supply chain attack targeting a popular developer toolbox within the freelance talent ecosystem. It combined token theft (enabling further attacks) with a highly destructive payload to delete user files, underscoring the risk of compromised development infrastructure without clear communication or mitigation by the affected company.

npm packages are becoming an increasingly popular target for attackers. Similar package poisoning attacks have been used against so-called smart AI coding systems; in one such case, the "is" npm package was infected with JavaScript malware capable of running on Windows, macOS, and Linux.

Socket advises checking installed packages for malicious lifecycle scripts, rotating GitHub authentication tokens, scanning affected systems, and reviewing npm audit logs and dependency lock files. The tight five-minute window in which the repository changes were made suggests either automated tooling or someone with elevated access.

Socket's team has not received a response from Toptal regarding the incident. This isn't the first time attackers have attempted such an intrusion, and as GitHub continues to face increasing levels of attack from typosquatting techniques, it's crucial for companies to prioritize security measures and clear communication with their users.

  1. The AI-based security systems need to be more vigilant as package poisoning attacks, like the one that targeted Toptal's Picasso developer toolbox, have become increasingly popular.
  2. In light of the Toptal breach, it's essential for developers to regularly audit their npm packages for any malicious lifecycle scripts, rotate their GitHub authentication tokens, scan their systems, and review audit logs and dependency lock files.
  3. The cybersecurity community is raising concern over Toptal's lack of public statement warning users about the attack on their packages, potentially putting users at risk of further damage or credential theft.
  4. The incident at Toptal serves as a grim reminder of the risks associated with compromised development infrastructure, particularly in the data-and-cloud-computing and general-news sectors, and the importance of security measures in the face of crime-and-justice threats in technology.
