A sophisticated new wave of cyberattacks, dubbed “Sha1-Hulud,” is targeting the npm registry, mirroring the tactics of a previous incident and compromising hundreds of software packages. Security researchers are warning that this evolving supply chain campaign poses a significant risk by injecting malicious code that can steal sensitive developer secrets and potentially disrupt build and runtime environments.
Sha1-Hulud Campaign Escalates Supply Chain Threats
Multiple security vendors, including Aikido, HelixGuard, Koi Security, Socket, and Wiz, have identified a second major attack campaign leveraging the npm registry. This new threat, Sha1-Hulud, builds upon the techniques observed in a previous Shai-Hulud attack that surfaced in September 2025. The campaign’s name itself, with a slight alteration, suggests a deliberate continuation or resurgence of these malicious activities.
The primary objective of the Sha1-Hulud campaign appears to be the exfiltration of sensitive information. According to Wiz researchers, the malicious code executes during the preinstall phase of package installation, significantly increasing the potential for exposure in development pipelines. Stolen secrets are then reportedly published to GitHub repositories, with the attackers using the repository description “Sha1-Hulud: The Second Coming” to mark their continued presence.
Modus Operandi of the Sha1-Hulud Attacks
The Sha1-Hulud campaign introduces a new variant that alters the package.json file by adding a preinstall script, typically named “setup_bun.js.” This script is designed to stealthily locate and execute a bundled malicious script, “bun_environment.js,” which leverages the Bun runtime environment. This method allows the attackers to bypass certain detection mechanisms and execute their payload more effectively.
Once activated, the malicious payload follows a two-pronged approach. First, it registers the infected machine as a self-hosted runner named “SHA1HULUD.” It then creates a GitHub workflow file located at “.github/workflows/discussion.yaml.” This workflow contains an injection vulnerability, allowing attackers to execute arbitrary commands on the compromised machine by initiating discussions within the associated GitHub repository.
Additionally, the malware is designed to exfiltrate secrets stored within the GitHub secrets section. These secrets, which can include API keys, credentials for cloud platforms like AWS, GCP, and Azure, and other sensitive tokens, are uploaded as artifacts. After retrieval, the attackers allegedly delete the workflow to conceal their activity, making detection more challenging.
“Upon execution, the malware downloads and runs TruffleHog to scan the local machine, stealing sensitive information such as NPM Tokens, AWS/GCP/Azure credentials, and environment variables,” HelixGuard researchers stated.
Escalation and Potential for Data Destruction
The Sha1-Hulud campaign has demonstrated a significant escalation in its destructive capabilities. Koi Security noted that the malware is more aggressive than its predecessor, with a chilling fallback mechanism: if the attackers fail to establish persistence, authenticate to GitHub, or successfully exfiltrate secrets and tokens, the malware attempts to destroy the victim’s entire home directory.
“In other words, if Sha1-Hulud is unable to steal credentials, obtain tokens, or secure any exfiltration channel, it defaults to catastrophic data destruction,” Koi Security researchers Yuval Ronen and Idan Dardikman explained. “This marks a significant escalation from the first wave, shifting the actor’s tactics from purely data-theft to punitive sabotage.”
Wiz observed an alarming rate of infection, reporting over 25,000 affected repositories across approximately 350 unique users. The researchers noted that around 1,000 new repositories were being added consistently every 30 minutes in the hours leading up to their report.
Mitigation and Future Outlook
To combat the threat posed by Sha1-Hulud, organizations are strongly urged to take immediate protective measures. It is critical to scan all endpoints for the presence of compromised npm packages and remove malicious versions without delay. Rotating all credentials, including API keys, tokens, and passwords, is paramount to limit the impact of any potential breaches.
Furthermore, a thorough audit of repositories for persistence mechanisms is advised. This includes reviewing the contents of .github/workflows/ directories for suspicious files, such as “shai-hulud-workflow.yml,” or any unexpected or unauthorized branches. Developers should also remain vigilant about the security of their npm accounts and review package dependencies carefully.
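As an added example that is not code from the article or from any of the vendors it cites, the following Node.js audit helpers flag the indicators described above (the setup_bun.js and bun_environment.js lifecycle hook, the discussion.yaml and shai-hulud-workflow.yml workflow names, and the SHA1HULUD runner label) in a parsed package.json and in workflow file contents. The regular expressions that recognise a discussion-triggered workflow interpolating github.event.discussion.* fields are assumed heuristics, and the sample inputs are constructed.

```javascript
// Added defender-side audit helpers; indicator names are taken from the article,
// the YAML matching is a heuristic assumption, and the sample inputs are constructed.
const SUSPICIOUS_SCRIPT_FILES = ['setup_bun.js', 'bun_environment.js'];
const SUSPICIOUS_WORKFLOW_NAMES = ['discussion.yaml', 'shai-hulud-workflow.yml'];
const SUSPICIOUS_RUNNER_LABEL = 'SHA1HULUD';

// Flag lifecycle scripts in a parsed package.json that reference the bundled Bun loader files.
function auditPackageJson(pkg) {
  const findings = [];
  const scripts = (pkg && pkg.scripts) || {};
  for (const hook of ['preinstall', 'install', 'postinstall']) {
    const cmd = scripts[hook];
    if (typeof cmd !== 'string') continue;
    for (const file of SUSPICIOUS_SCRIPT_FILES) {
      if (cmd.includes(file)) findings.push(`${hook} references ${file}: "${cmd}"`);
    }
  }
  return findings;
}

// Flag a workflow by file name and content: a known dropped file name, the self-hosted
// runner label, and a discussion-triggered workflow that interpolates attacker-controlled
// github.event.discussion.* fields (the exact injection shape is an assumption).
function auditWorkflow(fileName, yamlText) {
  const findings = [];
  const base = fileName.split('/').pop();
  if (SUSPICIOUS_WORKFLOW_NAMES.includes(base)) findings.push(`known malicious workflow name: ${base}`);
  if (yamlText.includes(SUSPICIOUS_RUNNER_LABEL)) findings.push(`runner label ${SUSPICIOUS_RUNNER_LABEL} present`);
  const onDiscussion = /(^|\n)\s*discussion(_comment)?\s*:/.test(yamlText) || /on:\s*\[[^\]]*discussion/.test(yamlText);
  const interpolatesEvent = /\$\{\{\s*github\.event\.discussion\.[\w.]+\s*\}\}/.test(yamlText);
  if (onDiscussion && interpolatesEvent) findings.push('discussion trigger interpolates event fields into the workflow');
  return findings;
}

// Constructed sample inputs (not real package or repository contents).
const samplePackage = { name: 'example-pkg', version: '1.0.0',
  scripts: { preinstall: 'node setup_bun.js', test: 'jest' } };
const cleanPackage = { name: 'clean-pkg', scripts: { test: 'jest' } };
const sampleWorkflow = [
  'name: discussion', 'on:', '  discussion:', '    types: [created]',
  'jobs:', '  run:', '    runs-on: SHA1HULUD', '    steps:',
  '      - run: echo "${{ github.event.discussion.title }}"',
].join('\n');
const cleanWorkflow = 'on: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n    steps:\n      - run: npm test';

console.log(auditPackageJson(samplePackage), auditPackageJson(cleanPackage));
console.log(auditWorkflow('.github/workflows/discussion.yaml', sampleWorkflow));
console.log(auditWorkflow('.github/workflows/ci.yml', cleanWorkflow));
```

Point the helpers at every package.json under node_modules and every file under .github/workflows/ to cover the endpoint and repository checks above; an empty result is a clean file.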
The ongoing evolution of supply chain attacks like Sha1-Hulud highlights the persistent threat to software development ecosystems. The attackers’ ability to adapt their tactics, from credential theft to potential data destruction, underscores the need for continuous security monitoring and robust defense strategies within the open-source community and enterprise environments alike. Security researchers will continue to monitor for further developments and potential new variants in this evolving threat landscape.