More than 180 NPM packages were hit in a fresh supply chain attack that uses self-replicating malware to steal secrets, publish them on GitHub, and make private repositories public.
As part of the attack, hackers compromised over 40 developer accounts and published more than 700 malicious package versions to the NPM registry.
The attack was flagged on September 15 by Loka senior software engineer Daniel dos Santos Pereira, but started on September 14 with less than a dozen malicious packages being published. By the end of the day, roughly 50 package versions had been published.
By September 16, the attack, named Shai-Hulud based on the names of the public repositories the code has been dumping secrets to, had hit more than 180 packages, Ox Security warns.
Some of the affected packages include @ctrl/tinycolor (which has over 2 million weekly downloads), ngx-bootstrap (with 300,000 weekly downloads), ng2-file-upload (with 100,000 weekly downloads), and multiple CrowdStrike NPM packages (which were immediately removed).
The packages were injected with a post-install script designed to fetch the TruffleHog secret scanning tool to identify and steal secrets, and to harvest environment variables and IMDS-exposed cloud keys.
The script also validates the collected credentials and, if GitHub tokens are identified, it uses them to create a public repository and dump the secrets into it.
Additionally, it pushes a GitHub Actions workflow that exfiltrates secrets from each repository to a hardcoded webhook (which was deactivated for exceeding the allowed callback limit), and migrates private repositories to public ones labeled ‘Shai-Hulud Migration’.
Cybersecurity firm Socket identified more than 700 public repositories with the Shai-Hulud Migration label on GitHub, all created around the same time that the attack unfolded.
The publishing of stolen secrets to public GitHub repositories that were created using the victims’ compromised accounts mirrors the pattern seen several weeks ago in the s1ngularity supply chain attack. In fact, security outfit Wiz says the first Shai-Hulud victims were known victims of the s1ngularity attack.
What makes the attack different is malicious code that uses any identified NPM token to enumerate and update the packages that a compromised maintainer controls, to inject them with the malicious post-install script.
“This attack is a self-propagating worm. When a compromised package encounters additional NPM tokens in a victim environment, it will automatically publish malicious versions of any packages it can access,” Wiz notes.
According to StepSecurity’s technical analysis of the Shai-Hulud attack flow, the worm targets Linux and macOS execution environments and deliberately skips Windows machines.
Multiple variations of the same data-stealer payload have been injected in the malicious versions of the compromised packages, JFrog notes. The code was seen targeting GitHub, NPM, AWS, and Google Cloud credentials, as well as Atlassian keys and Datadog API keys.
“While the main functionality is the same, some versions contain slight differences, suggesting iterative adjustments by the attacker over the course of the campaign. For example, some versions make the ‘Shai-Hulud’ repository private, hiding it from discovery. Another version also tries to steal Azure credentials,” JFrog says.
According to GitGuardian, 278 secrets have been publicly leaked as part of the attack, including 90 collected from local machines and 188 compromised through the malicious workflows. Most were rapidly revoked, but dozens of them, mainly GitHub API tokens, have remained active.
The security firm warns that the self-spreading potential of the malicious code will likely keep the campaign alive for a few more days.
To avoid being infected, users should be wary of any packages that have new versions on NPM but not on GitHub, and are advised to pin dependencies to avoid unexpected package updates.
Wiz says it has not observed the creation of new Shai-Hulud repositories but, given that the worm automates the spread by using the credentials of victim maintainers to publish new packages, any compromised account could be used to restart the attack.
“This cycle allows the malware to continuously infect every package a maintainer has access to. Each published package becomes a new distribution vector: as soon as someone installs it, the worm executes, replicates, and pushes itself further into the ecosystem,” security firm Aikido points out.
Wiz called Shai-Hulud “one of the most severe JavaScript supply-chain attacks observed to date”, and ReversingLabs warned that package inter-dependencies in the NPM ecosystem amplify the campaign’s impact.
Affected parties, ReversingLabs says, include “tech company founders and CTOs; companies providing software development services; developers working for non-profit organizations; tech leads in companies building gambling hardware and software and creating office development suites; developers in AI-first companies; security vendors — including a leading endpoint detection and response (EDR) vendor; student developers; and others that rely on NPM each day to build software.”
To detect potential compromise, NPM users are advised to check for new repositories or branches created under their accounts on GitHub, search for public repositories named Shai-Hulud or Shai-Hulud Migration that also contain their organization’s name, review GitHub audit logs, and look for suspicious API calls.
If they identify any signs of compromise, users should revoke and re-issue all GitHub and NPM tokens, as well as SSH and API keys, and environment variable secrets, and should reinstall all packages in their repositories.
Shai-Hulud is the third major supply chain attack targeting the NPM ecosystem after the s1ngularity attack and the recent compromise of Josh Junon (Qix), the maintainer of 18 NPM packages that have over 2.5 billion weekly downloads collectively.
“These attacks are not anomalies, and will continue as long as the attack vector remains viable. Organizations need to understand exactly what is in their software environments and be ready to act when something goes wrong. That means auditing dependencies, incorporating Software Bills of Materials (SBOMs) to provide transparency and enable quick vulnerability assessments, enforcing strong authentication and access controls through privileged access management, monitoring for anomalous behavior and protecting secrets so that stolen credentials cannot be weaponized,” said Keeper Security CISO Shane Barney.
Related: High-Value NPM Developers Compromised in New Phishing Campaign
Related: AI Supply Chain Attack Method Demonstrated Against Google, Microsoft Products
Related: Popular Scraping Tool’s NPM Package Compromised in Supply Chain Attack
Related: Compromised SpotBugs Token Led to GitHub Actions Supply Chain Hack
Source link
