    Self-propagation supply chain attack 187 NPM package hits

By PineapplesUpdate, September 16, 2025
Security researchers have identified at least 187 npm packages that were compromised in an ongoing supply chain attack carrying a malicious, self-propagating payload that infects other packages.

The coordinated, worm-style campaign has been dubbed ‘Shai-Hulud’. It started with yesterday’s compromise of the @ctrl/tinycolor npm package, which receives more than 2 million weekly downloads.

Since then, the campaign has expanded considerably and now includes packages published under CrowdStrike’s npm namespace.

From tinycolor to CrowdStrike

Yesterday, Daniel Perera, a senior backend software engineer, alerted the community to a large-scale software supply chain attack affecting the world’s largest JavaScript registry, npmjs.com.

“There is a [sic] malware that is spreading live in the NPM as you read it,” the engineer wrote, warning that everyone should avoid installing the latest versions of the @ctrl/tinycolor project.

Perera’s LinkedIn post alerting everyone to the ongoing npm supply chain attack

Perera had been trying for the last 24 hours to get GitHub’s attention, since the attack “targeted a lot of repos,” in order to discuss it through more discreet channels, because disclosing it publicly could put people at risk.

“But it is very difficult to contact GitHub. For example, secrets are being exposed in repos. It is serious,” the engineer wrote.

Software supply chain security firm Socket started investigating the compromise and initially identified at least 40 packages in this campaign. Today, researchers at both Socket and Aikido have identified additional packages, bringing the count to at least 187.

StepSecurity also published a technical breakdown with deobfuscated snippets and attack-flow diagrams, confirming Socket’s early findings about the scale of the attack.

The affected packages include many published through CrowdStrike’s npmjs account, crowdstrike-publisher.

BleepingComputer reached out to the cybersecurity solutions provider for comment:

“After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, a third-party open source repository, we quickly removed them and rotated our keys in public registries,” a CrowdStrike spokesperson said.

“These packages are not used in the Falcon sensor, the platform is not impacted, and customers remain protected. We are working with npm and conducting a thorough investigation.”

Self-propagating worm uses TruffleHog to steal secrets

The compromised versions include a self-propagation mechanism that targets other packages by the same maintainer.

The malware downloads each package the maintainer publishes, modifies its package.json, injects a bundle.js script (shown below), repacks the tarball, and republishes it, “enabling automatic trojanization of downstream packages,” as Socket’s researchers explained.

bundle.js file downloading TruffleHog (Socket)

The bundle.js script uses TruffleHog, a legitimate secret scanner that developers and security professionals use to find sensitive information such as API keys and passwords in code repositories and other data sources.

The malicious script, however, abuses the tool to scan the host for tokens and cloud credentials.

“It validates and uses developer and CI credentials, creates a GitHub Actions workflow inside repositories, and exfiltrates results to a hardcoded endpoint (hxxps://webhook(.)site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7),” Socket explains.

The name ‘Shai-Hulud’ comes from the shai-haulud.yaml workflow file the malware uses, found in the compromised versions, and is a reference to the giant sandworms of Frank Herbert’s Dune series.

“While not a unique reference, its presence confirms that the attacker deliberately branded the campaign ‘Shai-Hulud’,” Socket researchers Kush Pandya and Peter van der Zee stated today.

The malware found in the additional packages identified today is similar to the earlier strain, which used bundle.js to:

• Download and execute the legitimate secret-scanning tool TruffleHog
• Scan the host for secrets such as tokens and cloud credentials
• Check that the discovered developer and CI credentials are valid
• Create unauthorized GitHub Actions workflows within repositories
• Exfiltrate sensitive data to a hardcoded webhook endpoint

The incident follows mass attacks like Nx’s ‘S1ngularity’

What makes this supply-chain attack stand out goes beyond the popular packages it hit.

It follows two other high-profile supply chain attacks in a single month.

In the first week of September, 2,180 GitHub accounts were compromised by AI-powered malware in the attack dubbed ‘S1ngularity’.

While the root cause of today’s attack is still being investigated, experts including Perera have speculated that it may have been orchestrated by the attackers behind ‘S1ngularity’.

Earlier this month, in a separate attack, the maintainer of the popular chalk and debug npm packages also fell victim to phishing, leading to the compromise of those projects.

The ripple effect of these attacks reaches deep into the dependency chain, potentially affecting widely used projects such as Google’s Gemini CLI, which issued a statement over the weekend:

Ryan J. Salva, senior director of product management at Google, wrote: “We want to be clear: the Gemini CLI source code itself was not compromised, and our servers remain secure.”

“However, this incident may have affected users who installed or updated the Gemini CLI during the attack window using the npm installation method. We are providing details on the incident and clear steps users can take to secure their systems.”

These ongoing attacks demonstrate the fragility of the modern software supply chain, where a single malicious pull request or compromised account can become an entry point into hundreds of projects.

While vendors such as Google and CrowdStrike stress that their core platforms are unaffected, the incident highlights the need for developers to secure their software builds and pipelines.

Affected users should audit their environments and logs for signs of compromise, rotate all secrets and CI/CD tokens, and review their dependency trees for malicious versions. Pinning to trusted releases and limiting the scope of publishing credentials are important steps to reduce exposure to package-level compromise.

