Shai-Hulud Attack: npm Supply Chain Compromised Again

Redazione RHC : 30 November 2025 08:43

The npm ecosystem is once again at the center of a large-scale supply chain attack attributed to the Shai-Hulud campaign. This wave has led to the release of hundreds of seemingly legitimate packages altered with malicious code, involving libraries used in popular services such as Zapier, ENS Domains, PostHog, and Postman.

According to initial analyses, the attackers’ primary goal was to steal developer credentials and tokens used in continuous integration and deployment (CI/CD) processes. The stolen information was then automatically sent to GitHub in encrypted form. To date, over 27,600 records related to this operation have been identified on GitHub.

Shai-Hulud had already emerged in mid-September, when it compromised 187 npm packages using a self-propagating payload that stole keys with the TruffleHog tool. The technique involved automatically retrieving the original packages, modifying the package.json file with malicious scripts, and then publishing the infected versions via compromised maintainer accounts.

Aikido Security researcher Charlie Eriksen was among the first to detect the new attack, initially identifying 105 suspicious packages, a number that quickly grew to 492. A broader analysis showed that the attack was expanding rapidly: according to Wiz researchers, the total number of malicious packages exceeded 27,000, distributed via approximately 350 compromised npm accounts. Wiz also reports that, during the operation’s peak hours, approximately 1,000 new GitHub repositories were being created every half hour.

Repositories discovered on GitHub reveal that developers using infected packages, who stored GitHub credentials in their environment, had their devices compromised. CI/CD pipeline protection firm Step Security conducted a technical analysis of the new malware, highlighting two key files: setup_bun.js, which purported to be the Bun installer but was actually used to distribute the payload, and bun_environment.js, a heavily obfuscated 10 MB file.

Analysts have observed extensive use of obfuscation techniques, including long hexadecimal strings, anti-parsing loops, and functions designed to make code inspection difficult. The infection process consists of five stages and includes systematic credential theft (GitHub tokens, npm, AWS, Google Cloud, Azure, and other services) and a final, destructive action that completely overwrites the victim’s home directory. This stage is only triggered when specific conditions are met, such as the inability to authenticate or to create a new GitHub repository.

According to Koi Security, considering all compromised versions, the attack affected more than 800 npm packages in total. The malware also creates four files (cloud.json, contents.json, environment.json, and truffleSecrets.json) and uploads the stolen data to specially created repositories, all labeled “Shai-Hulud: The Second Coming.”

The attackers also allegedly took control of some GitHub accounts, using them to rapidly generate new repositories containing files associated with the malware. While GitHub promptly removes suspicious repositories, the speed at which new content is created makes it difficult to completely block the campaign.

Among the infected packages detected by Aikido Security are key components of Zapier, ENS Domains, PostHog, and AsyncAPI. The ENS libraries are particularly relevant within the Ethereum ecosystem, as they are used in wallets, DApps, exchanges, and .eth domain management tools.

The npm platform still allows the tampered packages to be downloaded, although in some cases a warning appears indicating that the latest version was published without authorization.

Experts recommend that organizations compile a comprehensive list of compromised packages, replace them with safe versions, and immediately regenerate all keys and tokens used in CI/CD workflows. Wiz also recommends that companies renew credentials associated with GitHub, npm, and cloud services. Aikido Security further recommends disabling post-installation scripts during continuous integration processes whenever possible.
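As an added defender-side example (not from the article or any of the vendors it cites), the following Python walks an installed node_modules tree and reports the npm lifecycle hooks that would run automatically on install, together with the two file names Step Security's analysis highlighted; the sample tree it builds is constructed, and the package names in it are placeholders.

```python
"""Audit a node_modules tree for install-time lifecycle scripts and for the
file names the article attributes to the second Shai-Hulud wave.
Added example; sample tree below is constructed, not real packages."""
import json
import os
import tempfile

# Hooks npm executes automatically during installation.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# File names named in the article's description of the payload.
SUSPECT_FILES = {"setup_bun.js", "bun_environment.js"}

def audit_node_modules(root):
    """Return findings as (package name, version, reason) tuples."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
                meta = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, keep walking
        name = meta.get("name", os.path.basename(dirpath))
        version = meta.get("version", "?")
        scripts = meta.get("scripts") or {}
        for hook in INSTALL_HOOKS:
            if scripts.get(hook):
                findings.append((name, version, f"{hook} script: {scripts[hook]}"))
        for suspect in SUSPECT_FILES & set(files):
            findings.append((name, version, f"file present: {suspect}"))
    return findings

def build_sample_tree():
    """Constructed tree: one clean package, one mimicking the described pattern."""
    root = tempfile.mkdtemp()
    clean = os.path.join(root, "node_modules", "clean-placeholder")
    bad = os.path.join(root, "node_modules", "@example", "tainted-placeholder")
    os.makedirs(clean)
    os.makedirs(bad)
    with open(os.path.join(clean, "package.json"), "w") as fh:
        json.dump({"name": "clean-placeholder", "version": "1.0.0"}, fh)
    with open(os.path.join(bad, "package.json"), "w") as fh:
        json.dump({"name": "@example/tainted-placeholder", "version": "2.3.4",
                   "scripts": {"postinstall": "node setup_bun.js"}}, fh)
    for fname in SUSPECT_FILES:
        open(os.path.join(bad, fname), "w").close()  # empty stand-in files
    return root

if __name__ == "__main__":
    for pkg, ver, reason in audit_node_modules(build_sample_tree()):
        print(f"{pkg}@{ver}: {reason}")
```

Run against a real checkout with `audit_node_modules("./node_modules")`; any hook it lists is what `npm ci --ignore-scripts` would suppress in CI.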

The reactivation of the Shai-Hulud campaign comes at a time when npm has already been subject to several significant supply chain attacks. GitHub has announced additional security measures, which, however, are still being progressively implemented.
