A significant supply chain security breach has emerged with the discovery of Shai-Hulud 2.0, a sophisticated malware that has compromised over 30,000 GitHub repositories since its emergence on November 24, 2025.
This worm-like malware represents a growing threat to the developer ecosystem, specifically targeting the NPM package manager and spreading across multiple platforms including Maven and OpenVSX.
The attack demonstrates how attackers are increasingly targeting the tools developers rely on daily, stealing critical credentials and sensitive secrets from development environments.
The malware infiltrates systems through poisoned NPM packages, with the primary infection vectors being @postman/tunnel-agent version 0.6.7 and @asyncapi/specs version 6.8.3, which together account for over 60 percent of all infections.
Once triggered during package installation, the malware runs from a preinstall lifecycle script that executes automatically, establishing persistence and beginning its credential harvesting operations.
The worm exhibits a self-propagating capability, searching for existing GitHub credentials within compromised environments and using them to upload additional malicious repositories, creating a cascading chain of infections.
Wiz.io security analysts noted that the malware has stolen approximately 500 unique GitHub usernames and tokens from the contents.json files found across compromised repositories.
Beyond GitHub credentials, the attack has exfiltrated up to 400,000 secrets identified through Trufflehog scanning, though only about 2.5 percent of these are verified as legitimate.
Critically, over 60 percent of leaked NPM tokens remain valid and pose an active risk for further supply chain attacks.
Credential Harvesting and Persistence Mechanisms
The infection mechanism relies on injecting malicious code into the preinstall lifecycle script, which executes during package installation with minimal user awareness.
The malware collects environment variables and system information into an environment.json file, creating a detailed fingerprint of each compromised system.
Most infected machines are Linux-based containers within CI/CD environments, with GitHub Actions being the leading targeted platform.
The malware attempts cloud secret extraction from AWS, Google Cloud, and Azure environments, though analysis reveals an implementation flaw in this functionality: missing error handling prevents it from harvesting secrets from multiple cloud providers in the same run.
This technical oversight inadvertently limited the scope of cloud credential theft, though local secrets and development credentials remain fully compromised across thousands of organizations worldwide.
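As an added defender-side example (not code from the article or from Wiz), the audit below walks a lockfile v2/v3 "packages" map for the two compromised versions named above and flags installed packages whose package.json declares an install-time lifecycle hook, which is the execution path this worm relies on. The lockfile, the manifests and the hook command are constructed sample data.

```python
import json
from typing import Dict, List, Tuple

# Compromised versions named in the article above.
KNOWN_BAD: Dict[str, set] = {
    "@postman/tunnel-agent": {"0.6.7"},
    "@asyncapi/specs": {"6.8.3"},
}
# npm lifecycle hooks that run automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

Finding = Tuple[str, str, str]  # (package name, version, reason)


def audit_lockfile(lock: dict) -> List[Finding]:
    """Flag known-compromised versions in a package-lock.json (lockfileVersion 2 or 3)."""
    findings: List[Finding] = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # the empty key is the root project itself
            continue
        # Keys look like "node_modules/@scope/name", possibly nested; keep the last segment.
        name = meta.get("name") or path.split("node_modules/")[-1]
        version = meta.get("version", "")
        if version in KNOWN_BAD.get(name, set()):
            findings.append((name, version, "known-compromised version"))
    return findings


def audit_manifests(manifests: Dict[str, dict]) -> List[Finding]:
    """Flag installed packages (name -> parsed package.json) that declare install-time hooks."""
    findings: List[Finding] = []
    for name, pkg in manifests.items():
        scripts = pkg.get("scripts", {})
        for hook in INSTALL_HOOKS:
            if hook in scripts:
                findings.append((name, pkg.get("version", ""), f"{hook}: {scripts[hook]}"))
    return findings


# Constructed sample inputs: one bad version, one adjacent safe version, one benign package.
SAMPLE_LOCK = json.loads("""{"name": "example-app", "lockfileVersion": 3, "packages": {
  "": {"name": "example-app", "version": "1.0.0"},
  "node_modules/@postman/tunnel-agent": {"version": "0.6.7"},
  "node_modules/@asyncapi/specs": {"version": "6.8.2"},
  "node_modules/left-pad": {"version": "1.3.0"}}}""")
SAMPLE_MANIFESTS = {  # hook command is a placeholder, not the real worm's file name
    "@postman/tunnel-agent": {"version": "0.6.7", "scripts": {"preinstall": "node ./preinstall.js"}},
    "left-pad": {"version": "1.3.0", "scripts": {"test": "node test.js"}},
}

if __name__ == "__main__":
    for finding in audit_lockfile(SAMPLE_LOCK) + audit_manifests(SAMPLE_MANIFESTS):
        print("%-24s %-8s %s" % finding)
```

Setting `ignore-scripts=true` in `.npmrc` blocks the preinstall hook outright, at the cost of breaking packages that legitimately need an install-time build step.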
