A Cascading Cloud Compromise Rooted in Infostealer Malware
Vercel, the San Francisco-based company behind Next.js and several other widely used open-source libraries, disclosed in a security bulletin on Sunday that its customers face a risk of compromise following a sophisticated multi-stage attack. The incident did not originate within Vercel's own infrastructure — instead, it travelled through a chain of third-party systems, cloud integrations, and overly permissive OAuth connections before reaching the company and its customers.
The bulletin highlights the growing security risks posed by interconnected SaaS platforms, where a single infected endpoint at one organization can cascade into a damaging breach affecting an entirely separate company and its end users.
The Infection Point: Roblox Cheats and Lumma Stealer
According to researchers at Hudson Rock, the chain of events began in February when an employee at Context.ai — an artificial intelligence agent company — had their computer infected with Lumma Stealer malware. The employee had been searching for Roblox game exploits online, a distribution vector commonly leveraged by infostealer operators to lure victims into downloading malicious software.
Lumma Stealer is a well-documented credential-harvesting tool that silently exfiltrates saved passwords, session tokens, and other sensitive data from infected machines. Distributing it through fake gaming cheat tools is an established technique among cybercriminal groups targeting both consumers and corporate employees.
How the Attacker Moved from Context.ai to Vercel
Context.ai stated on Sunday that the breach of that employee's machine allowed the attacker to access its AWS environment as well as OAuth tokens belonging to some of its users. Among those tokens was one associated with a Vercel employee's Google Workspace account.
Notably, Vercel is not a paying customer of Context.ai. However, the Vercel employee had personally been using the Context AI Office Suite and had granted it full access to their Google Workspace account. That excessive permission level became the critical pivot point for the attacker.
"The attacker used that access to take over the employee's Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as sensitive." — Vercel security bulletin
Vercel confirmed that a limited number of its customers were impacted and said they were immediately advised to rotate their credentials. The company declined to answer further questions and did not publicly specify which internal systems were accessed beyond what was stated in the bulletin.
Enumeration and Accelerated Attacker Velocity
Vercel CEO Guillermo Rauch acknowledged the breach in a post on X, stating that customer data stored by Vercel is fully encrypted. He explained, however, that the attacker was able to obtain further access through enumeration: systematically listing the environment variables and other resources reachable with the stolen account and inspecting them for credentials or other information that could be leveraged further.
Rauch also raised concern about the apparent sophistication and speed of the threat actors involved: "We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI. They moved with surprising velocity and in-depth understanding of Vercel."
ShinyHunters Claim Responsibility — But Experts Are Skeptical
A threat group identifying themselves as ShinyHunters claimed responsibility for the attack via a post on Telegram. They alleged the stolen data includes access keys, source code, and databases, and stated they are attempting to sell the material.
However, cybersecurity experts have cast doubt on this attribution. Austin Larsen, principal threat analyst at Google Threat Intelligence, wrote in a LinkedIn post that the actor claiming to be ShinyHunters "is likely an imposter attempting to use an established name to inflate their notoriety." He was careful to add: "Regardless of the threat actor involved, the exposure risk is real."
Broader Impact Beyond Vercel
Vercel's bulletin also flagged that the attack on Context.ai's Google Workspace OAuth application represented a much larger problem. The company warned that the compromised app "was the subject of a broader compromise, potentially affecting its hundreds of users across many organizations."
This suggests the fallout from the original Lumma Stealer infection may extend well beyond the Vercel incident, with an unknown number of organizations that also granted Context.ai OAuth access potentially at risk of similar lateral movement by the attacker.
Blame, Investigations, and Recommended Actions
Both Vercel and Context.ai have attributed at least partial responsibility for the incident to the other party, reflecting the complex accountability questions that arise in interconnected SaaS supply chain attacks.
Separate but coordinated investigations are currently underway, with both companies working alongside CrowdStrike and Mandiant. Vercel published indicators of compromise (IoCs) and urged customers to take the following steps:
- Review recent activity logs for unusual behavior
- Audit OAuth application permissions granted by employees
- Review and immediately rotate any environment variables containing secrets or credentials
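The second of those steps, auditing which third-party apps employees have authorized and how much access they were given, is the control that would have flagged the full-Workspace grant at the centre of this incident. The script below is an added example written for this article, not code from Vercel, Context.ai, or CyberScoop. It takes grant records shaped like the Google Admin SDK Directory API `tokens` resource (the `clientId`, `displayText`, `userKey`, and `scopes` fields; this shape is an assumption), ranks the scopes with a risk list of my own choosing, and reports every user who has given a non-allowlisted app a scope broad enough to read their whole mailbox, Drive, or directory. The grant records and app names are constructed for the example.

```python
"""Audit third-party OAuth grants in a Google Workspace tenant for over-broad scopes.

Added example; not code from the original article or from Vercel/Context.ai.
Assumptions: records are shaped like the Admin SDK Directory API `tokens` resource
(clientId, displayText, userKey, scopes); the sample grants are constructed; the
scope risk ranking is the example author's, not Google's.
"""
from dataclasses import dataclass

# Scopes that hand an app the user's whole mailbox, Drive, calendar or directory.
# A token carrying any of these is enough to take over the account's data.
HIGH_RISK_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/drive",
    "https://www.googleapis.com/auth/calendar",
    "https://www.googleapis.com/auth/admin.directory.user",
}
# Scopes that only identify the user: what a plain "sign in with Google" needs.
LOW_RISK_SCOPES = {
    "openid", "email", "profile",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
}


@dataclass(frozen=True)
class Finding:
    user: str
    app: str
    client_id: str
    high_risk: tuple        # scopes that triggered the finding
    unknown: tuple          # scopes in neither list; review by hand


def classify(scopes):
    """Split a grant's scopes into (high-risk, unclassified) tuples, sorted for stable output."""
    high = tuple(sorted(s for s in scopes if s in HIGH_RISK_SCOPES))
    unknown = tuple(sorted(s for s in scopes if s not in HIGH_RISK_SCOPES and s not in LOW_RISK_SCOPES))
    return high, unknown


def audit(grants, allowlist=frozenset()):
    """Return a Finding for every grant that gives a non-allowlisted client a high-risk scope."""
    findings = []
    for g in grants:
        if g["clientId"] in allowlist:      # apps security has reviewed and approved
            continue
        high, unknown = classify(g.get("scopes", []))
        if high:
            findings.append(Finding(g["userKey"], g["displayText"], g["clientId"], high, unknown))
    return findings


def affected_users(findings):
    """Distinct users who need their grants revoked and credentials rotated."""
    return sorted({f.user for f in findings})


# Constructed sample records (hypothetical apps, users and client IDs).
SAMPLE_GRANTS = [
    {"userKey": "alice@example.com", "displayText": "Acme Office Suite (hypothetical)",
     "clientId": "111111.apps.googleusercontent.com",
     "scopes": ["https://mail.google.com/", "https://www.googleapis.com/auth/drive",
                "https://www.googleapis.com/auth/userinfo.email",
                "https://www.googleapis.com/auth/contacts"]},
    {"userKey": "bob@example.com", "displayText": "Login-only SaaS (hypothetical)",
     "clientId": "222222.apps.googleusercontent.com",
     "scopes": ["openid", "email", "profile"]},
    {"userKey": "carol@example.com", "displayText": "Approved backup tool (hypothetical)",
     "clientId": "333333.apps.googleusercontent.com",
     "scopes": ["https://www.googleapis.com/auth/drive"]},
]
# Clients that passed a security review; the hypothetical backup tool is the only one.
ALLOWLIST = frozenset({"333333.apps.googleusercontent.com"})

if __name__ == "__main__":
    for f in audit(SAMPLE_GRANTS, allowlist=ALLOWLIST):
        print(f"{f.user}: {f.app} [{f.client_id}] high-risk={f.high_risk} review={f.unknown}")
    print("rotate credentials for:", affected_users(audit(SAMPLE_GRANTS, allowlist=ALLOWLIST)))
```

In a real tenant the records come from the Admin SDK `tokens.list` method, which is called per user, so the audit is run over every user's token list and the allowlist is the set of client IDs the security team has actually reviewed. Anything with a high-risk scope outside that set is a candidate for revocation, and, as here, the user whose grant was over-broad is the one whose downstream credentials need rotating.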
The incident serves as a stark reminder that even companies with robust internal security postures can be compromised through the permissions and integrations their employees casually approve on third-party platforms — particularly when those platforms become targets themselves.
Source: CyberScoop