Shai-Hulud Infostealer Supply Chain Attack on npm Ecosystem
A major supply chain attack targeted the npm ecosystem in September 2025, where an infostealer with worm-like characteristics, dubbed Shai-Hulud, compromised over 500 npm packages. The attack leveraged a previous compromise of the s1ngularity/nx project, exploiting CI/CD pipeline credentials and propagating through both direct and indirect dependencies. Security researchers confirmed that attackers exfiltrated GitHub and npm tokens, enabling them to inject malicious code into widely used packages and potentially access internal networks, move laterally, or tamper with software releases.
The incident highlighted the persistent risks associated with CI/CD pipeline security, as attackers exploited overlooked access to secrets such as API keys and deployment tokens. The scale of the attack forced engineering and security teams worldwide to spend significant resources cleaning compromised environments and assessing exposure, even though the direct financial impact was limited. The event underscored the need for enhanced runtime security monitoring, such as eBPF-based sensors, and stricter controls on package publishing and consumption to defend against similar threats in the future.
Timeline
Nov 5, 2025
Datadog publishes runtime-focused supply-chain detection guidance
Datadog Security Labs publishes analysis advocating runtime security as an approach to detecting software supply-chain attacks, adding defensive guidance to the evolving threat landscape.
Nov 4, 2025
Researchers highlight malicious IDE extensions as a supply-chain risk
The threat model is expanded to include malicious extensions distributed through developer marketplaces such as Microsoft VS Code Marketplace and Open VSX, emphasizing that supply-chain compromise can occur through tooling as well as packages.
Nov 4, 2025
Malware incorporates LLM-prompt-driven info-stealing behavior
Researchers note the emergence of malware embedding LLM-prompt-based logic to drive information-stealing behavior, reflecting AI-assisted evolution in supply-chain and developer-targeted attacks.
Nov 4, 2025
Attackers use QR-code steganography to hide malicious instructions
The reporting identifies a technique in which QR-code images are used to conceal instructions or payload-delivery logic, helping malicious content evade straightforward inspection in software supply-chain contexts.
Nov 4, 2025
Shai-Hulud demonstrates worm-like package self-propagation
The Shai-Hulud activity is highlighted as an example of worm-like behavior in the software supply chain, where malicious changes can spread across many packages rather than remaining isolated to a single dependency.
Nov 4, 2025
Automated pull-request attacks against GitHub Actions are observed
Researchers describe newer supply-chain techniques that use automated pull requests to abuse GitHub Actions workflows, showing how attackers can scale malicious code introduction through developer collaboration processes.
Nov 4, 2025
Lazarus Group targets npm and PyPI for espionage activity
The reporting cites nation-state activity by the Lazarus Group using open-source package registries including npm and PyPI as part of espionage-oriented operations, expanding the supply-chain threat model beyond financially motivated abuse.
Sep 1, 2025
Chalk and Debug libraries are hijacked
In September 2025, the Chalk and Debug libraries were hijacked in a prominent open-source supply-chain incident, illustrating how attacks on widely used packages can trigger broad downstream disruption and incident-response work across many organizations.
Nov 4, 2023
Supply-chain attacks shift toward targeting maintainers and developers
Over roughly the two years preceding late 2025, software supply-chain attacks increasingly moved away from infrastructure-centric compromises such as CI/CD or update-channel tampering and toward phishing, credential theft, and other human-targeted attacks against open-source maintainers.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Related Entities
Threat Actors
Sources
Related Stories
Shai-Hulud Worm and Related Malicious NPM Package Attacks Targeting Software Supply Chains
A large-scale supply chain attack has targeted the Node Package Manager (NPM) ecosystem, compromising hundreds of widely used JavaScript packages and threatening the security of software development pipelines globally. In mid-September, cybersecurity researchers identified a self-propagating malware dubbed "Shai-Hulud," which was distributed through trojanized NPM packages, including some with millions of weekly downloads and high-profile packages such as those from CrowdStrike. The attack leveraged a malicious "bundle.js" script that downloaded and executed TruffleHog, a legitimate credential scanner, to harvest developer and CI/CD tokens, cloud service credentials, and environment variables from compromised systems. The stolen credentials were exfiltrated via hard-coded webhooks and GitHub Actions workflows, enabling the attacker to further propagate the malware and gain unauthorized access to sensitive resources. The campaign affected both Windows and Linux systems, increasing its reach and impact across diverse development environments. Sysdig reported that the attack on September 15 involved approximately 200 compromised packages, including @ctrl/tinycolor, and was linked to an attacker who had previously targeted Nx packages in late August. The worm not only stole secrets but also published them publicly on GitHub and attempted to make victim repositories public, amplifying the risk of further compromise. Earlier in the month, other popular packages such as chalk, debug, and duck were also compromised following a successful spear phishing attack against a maintainer, with the attacker seeking to redirect cryptocurrency payments. NPM responded by removing the malicious package versions, but users were required to update or revert to secure versions to mitigate the risk. Sysdig provided same-day threat intelligence and detection capabilities to its customers, including open source Falco rules to identify and respond to the threat. The attack demonstrated the vulnerability of even the most trusted and widely used open source packages, highlighting the importance of continuous monitoring and rapid response in the software supply chain. Security researchers and vendors emphasized the need for organizations to scan their environments for known malicious packages, such as dist.fezbox.cjs, and to review logs for signs of credential exfiltration. The incident underscored the evolving tactics of threat actors targeting developer ecosystems, using advanced techniques to automate propagation and maximize impact. Organizations relying on NPM packages and CI/CD pipelines were urged to remain vigilant, update dependencies promptly, and leverage threat intelligence resources to defend against similar attacks. The Shai-Hulud campaign remains an evolving threat, with ongoing analysis and mitigation efforts by the security community. This incident serves as a stark reminder that popularity and trust in open source packages do not guarantee safety, and proactive security measures are essential to protect software supply chains from compromise.
1 months ago
Shai-Hulud 2.0 npm Supply Chain Attack Compromises Trust Wallet and Cloud Credentials
A sophisticated supply chain attack, dubbed Shai-Hulud 2.0, targeted the npm JavaScript ecosystem by compromising maintainer accounts of widely used packages. Attackers injected malicious scripts into the preinstall phase of these packages, enabling the theft of credentials from developer environments, CI/CD pipelines, and cloud-connected workloads. The campaign led to the compromise of over 25,000 GitHub repositories and the exposure of hundreds of cloud credentials, affecting major organizations such as Zapier, PostHog, Postman, and Trust Wallet. Blockchain forensics confirmed that secrets stolen in this campaign were used to drain digital wallets, resulting in a confirmed $8.5 million theft from Trust Wallet. The attack's automation and worm-like propagation highlighted the urgent need for improved supply chain security and credential hygiene in cloud-native environments. Security researchers have identified new variants of the Shai-Hulud malware, indicating ongoing development and testing by threat actors. The campaign's technical sophistication included phishing tactics to capture npm maintainer credentials and modifications to payloads for improved evasion and error handling. While the most significant financial impact was observed in the Trust Wallet breach, the broader campaign demonstrated the potential for widespread compromise across the open-source software supply chain. Multiple security vendors have independently verified the attack chain, emphasizing the critical risks posed by supply chain attacks in modern software development.
1 months ago
Supply Chain Attacks and Remote Access Trojans Targeting NPM Ecosystem and Banking Sector
A series of sophisticated supply chain attacks have targeted the NPM ecosystem, compromising both widely used and niche packages to deliver malicious payloads. The "Shai-Hulud" campaign has infected at least 187 NPM packages, including the highly popular tinycolor package, which receives approximately 2 million downloads weekly. Attackers in this campaign modify package manifests, inject malicious files, and republish the compromised packages, resulting in downstream projects unknowingly incorporating malicious code. The worm-like nature of the attack allows it to spread rapidly to other maintainers' packages, amplifying the impact across the software supply chain. Delayed detection of these compromises increases the risk, as many projects may already be affected before the breach is discovered. The attack highlights the critical importance of verifying package signatures and maintaining a robust software bill of materials (SBOM) to trace dependencies and versions accurately. In a related but distinct campaign, a threat actor using the NPM account "ongtrieuhau861.001" has published at least 94 malicious packages, many of which are specifically crafted to target Asian banks. These packages, often named with the pattern "dhhdbankxxxxx" and similar variants, deliver a JavaScript-based Remote Access Trojan (RAT) dubbed "DHSollutionsBot." This RAT leverages Firebase Realtime Database for command and control, while exfiltrating stolen data through Discord webhooks, making detection more challenging due to the use of legitimate cloud services. The threat actor's NPM account history suggests either a long-term operation or the acquisition of an existing account for malicious purposes. The attack architecture is notable for its simplicity and effectiveness, combining two legitimate platforms for resilient and stealthy C2 operations. Both campaigns underscore the growing threat of supply chain attacks in the open-source ecosystem, where a single compromised package can have cascading effects on countless downstream projects. Developers and organizations are urged to implement cryptographic signing of packages, verify signatures before use, and maintain detailed SBOMs to mitigate the risk of such attacks. The incidents also demonstrate the need for continuous monitoring of package repositories and automated detection tools to identify and respond to malicious activity promptly. The use of trusted platforms like Discord and Firebase for C2 communications further complicates detection and response efforts. These attacks serve as a stark reminder that even well-established codebases can become vectors for compromise if their dependencies are not rigorously vetted and monitored. The campaigns have prompted renewed calls for improved security practices in the software development lifecycle, particularly in the management of third-party dependencies. Organizations are advised to review their exposure to affected NPM packages and take immediate remediation steps where necessary. The incidents highlight the evolving tactics of threat actors in targeting the software supply chain and the critical need for industry-wide vigilance.
1 months ago