A new Shai-Hulud supply chain attack has hit nearly 500 npm packages with a total of 132 million monthly downloads.
The latest campaign follows one in September that infected nearly 200 npm packages with more than 2 billion weekly downloads.
The new campaign targeting the packages used to run JavaScript outside of a browser was reported by Aikido and other security firms.
Aikido noted that a total of 492 packages have been affected by the self-replicating worm, and more than 25,000 compromised repositories labeled “Sha1-Hulud: The Second Coming” have been created containing sensitive information like passwords, API keys, cloud tokens, and GitHub or npm credentials.
“The timing is notable, given npm’s recent announcement that it will revoke classic tokens on December 9 after the wave of supply-chain attacks,” Aikido’s Charlie Eriksen said. “With many users still not migrated to trusted publishing, the attacker seized the moment for one more hit before npm’s deadline.”
Shai-Hulud Attack Affects Packages from Zapier, AsyncAPI and Others
Shai-Hulud, named after the giant sandworms from Dune, is a self-replicating npm worm built to spread quickly through compromised developer environments.
The latest attack has hit major npm packages from the likes of Zapier, ENS, AsyncAPI, PostHog, Browserbase, and Postman.
“Once it infects a system, it searches for exposed secrets such as API keys and tokens using TruffleHog and publishes anything it finds to a public GitHub repository,” Eriksen said. “It then attempts to push new copies of itself to npm, helping it propagate across the ecosystem, while exfiltrating data back to the attacker.”
If a developer installs one of these malcicious packages, the malware runs quietly during installation before anything even finishes installing, giving the malware access to the developer’s machine, build systems, or cloud environment, he said.
If stolen secrets include access to code repositories or package registries, attackers can use those secrets to break into additional accounts and publish more malicious packages, spreading the attack even further.
“Because trusted ecosystems were involved and millions of downloads are affected, any team using NPM should immediately check whether they were impacted and rotate any credentials that may have leaked,” Eriksen said.
Shai-Hulud Worm Details
Ashish Kurmi of Step Security noted that the latest evolution of the malware “disguises the entire payload as a helpful Bun installer.”
The core payload – bun_environment.js – is 10MB and uses “extreme obfuscation techniques,” Kurmi added.
These include “a massive hex-encoded string array containing thousands of entries,” an anti-analysis loop “that performs millions of arithmetic operations,” and every string in the code is retrieved through an obfuscated function.
The malware delays full execution on developer machines by “forking itself into the background,” Kurmi said. “The user’s terminal returns instantly, giving the illusion of a normal install, while seconds later a completely detached process begins exfiltration.”
“It executes a sophisticated, multi-stage pre-install attack that targets both CI/CD runners and developer workstations with equal effectiveness,” Kurmi said.
Wiz noted that the malware targets AWS, Azure and Google Cloud Platform (GCP) by “bundling official SDKs to operate independently of host tools.”
