A new wave of supply-chain attacks has emerged, compromising nearly 500 npm packages with a self-replicating worm. This malware, identified as a new version of Shai-Hulud, has compromised over 26,000 open-source repositories on GitHub, raising significant security concerns for developers and organizations relying on open-source components. The malware’s rapid propagation and sophisticated automation highlight the escalating threat to software supply chains.
Security researchers discovered the trojanized npm packages late Sunday, noting they were uploaded over a three-day period starting Friday. This campaign, linked to Shai-Hulud malware which previously infected npm packages in September, is actively compromising additional repositories. While downstream attacks leveraging stolen credentials have not yet been observed, researchers warn that the widespread exposure of these secrets significantly increases the likelihood of future exploitation.
Shai-Hulud Worm Escalates Supply-Chain Attacks
The latest variation of the Shai-Hulud worm demonstrates a substantial increase in automation and scale compared to its predecessor. Stolen npm tokens are being used to infect additional packages with near self-sufficiency, according to Charlie Eriksen, a security researcher at Aikido Security. This advanced propagation method makes detection and mitigation more challenging.
Major software packages including Zapier, ENS Domains, PostHog, and Postman were among those compromised. The attackers injected malicious code that allowed them to populate GitHub repositories with stolen victim data, as reported by Wiz, a cloud security firm. According to Wiz, some of these affected packages are present in approximately 27% of cloud and code environments, indicating a broad potential impact.
Implications of Widespread Compromise
Merav Bar, a threat researcher at Wiz, stated that multiple environments were found to have downloaded these trojanized packages before their removal from npm, confirming active, real-world exposure. She anticipates a long tail of exploitation, similar to past attacks, affecting both initial victims and opportunistic attackers.
Both the previous and current Shai-Hulud attacks appear to prioritize the theft of developer secrets. These secrets are crucial for deeper supply-chain compromises. The ease with which attackers can weaponize trusted distribution channels and distribute malicious versions at scale before detection is a significant concern.
The timing of this latest campaign is considered opportunistic. It began just weeks before npm, a company acquired by GitHub in 2020, plans to revoke classic tokens as part of an initiative to enhance security practices. Eriksen noted that the campaign’s impact would likely be significantly reduced if these new security implementations were already in place.
Technical Details and Attacker Tactics
The most recent Shai-Hulud variant creates malicious files during the preinstall phase. These include randomly named public repositories designed to store stolen data. While the activities align with the previous worm, some differences have been observed, and attribution has not been fully confirmed by Wiz researchers.
The npm ecosystem’s low-friction nature makes it an attractive target for attackers, according to Ron Peled, chief operating officer and co-founder of Sola Security. He also highlighted that developers’ endpoints and CI/CD environments are often overlooked by endpoint detection and response tools. Sensitive information such as GitHub tokens, npm tokens, and cloud secrets is frequently stored in environment variables, providing malware with access to powerful credentials for propagation.
Melissa Bischoping, senior director of security and product design research at Tanium, commented on the increasing maturity and complexity of supply-chain attacks targeting open-source software. She referenced incidents like the XZ Utils compromise and previous Shai-Hulud campaigns, noting a clear pattern of attackers identifying open-source developers as high-value targets with significant recent success.
“Developers, even hobbyist ones, need to be prepared for continued attacks and escalation,” Bischoping advised, emphasizing the need for vigilance across the open-source community.
The npm security team continues to investigate the scope of the compromise and work on removing malicious packages. Developers are advised to audit their dependencies and revoke any potentially compromised npm tokens. The full impact and resolution timeline remain uncertain as the situation evolves.