A potentially monumental supply chain attack is underway, thanks to a self-replicating worm-like payload that has been compromising packages published on the npm Registry.
The worm has been dubbed “Shai-hulud” as it steals credentials from victims who run a compromised package and publishes them in a public GitHub repository which contains the name.
The worm also uses npm authentication tokens stolen from the victims to perpetuate the cycle of infection and compromise, and compromised GitHub tokens to exfiltrate authentication secrets and makes private repositories public.
About npm and npm tokens
Npm is a package manager for the JavaScript programming language and an online repository (at npmjs.com) that hosts millions of JavaScript and Node.js packages. Most npm packages are built from GitHub repositories.
Since npm Inc’s acquisition by GitHub in 2020, the repository is effectively operated under GitHub’s umbrella.
Developers log into npmjs.com with GitHub, then generate an npm access token that is used to publish upload new package versions on the npm Registry. Those tokens are stored locally (on a developer’s machine) or in CI/CD systems (e.g., GitHub Actions).
The Shai-Hulud worm
“The Shai-hulud worm itself is a 3MB+ behemoth of JavaScript. However, what it does is pretty straight forward,” Karlo Zanki, a reverse engineer at ReversingLabs explained.
“After an npm developer account is compromised, the worm looks for other packages the developer maintains. It then creates a new version of each of those packages by injecting itself into them. Each newly created package is modified with a postinstall action that will execute the malicious bundle.js when an unsuspecting user downloads the compromised package. This is repeated in perpetuity as the worm finds new developers to infect, and then uses them to spread even further.”
The worm also uses TruffleHog, a legitimate scanning tool, to search for GitHub personal access tokens, AWS access keys, Google Cloud Platform service credentials, Azure credentials, and NPM authentication tokens.
The malicious script validates collected credentials and, if it finds GitHub tokens, it uses them to create a public repository named Shai-Hulud, where it uploads the harvested, double–base64 encoded secrets via the GitHub /user/repos API.
“It [also] pushes a new GitHub Actions workflow to all accessible repositories. This action exfiltrates each repo’s secrets to [a webhook.site URL used by the attacker],” Wiz researchers added.
Finally, it will go through the victims’ GitHub account, turn any private repository public, add a -migration suffix to their name and change their description to “Shai-Hulud Migration.”
Private repositories turned public by the worm (Source: Aikido Security)
S1ngularity attack was a prelude to Shai-Hulud?
StepSecurity has an up-to-date list of affected packages, though their number is seemingly rising by the hour. (So far we are at 187 confirmed.)
ReversingLabs believes the first package to have been infected was rxnt-authentication.
“The malicious version of that package, 0.0.3, was published on September 14th at 17:58:50 UTC. As a result, the npm maintainer techsupportrxnt can be considered Patient 0 for this campaign,” the company shared.
Aikido researcher Charlie Eriksen says that one of the most striking features of this attack is that it behaves like a true worm.
“The attacker doesn’t need to manually target packages. Once a single environment is compromised, the worm automates the spread by piggybacking on the maintainer’s own publishing rights,” he noted.
Who is behind this attack is currently unknown, though the similarities between this attack and the August 2025 “S1ngularity” attack, which served malicious versions of the Nx build system package on the npm registry, are too many to ignore.
In both cases, the attackers:
- Exfiltrated stolen data to public repositories within victims’ GitHub accounts
- Used compromised GitHub tokens to make victim’s private repositories public
- Targeted only developers using Linux or macOS
More recently, the npm ecosystem was also shaken by a supply chain compromise involving 18 widely used npm packages getting injected with crypto-stealing code and uploaded to the npm Registry.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!
Source link
