
Self-Replicating Worm Targets npm Ecosystem

Threat Overview

Published: September 17, 2025

Executive Summary

A widespread software supply chain attack targeting the Node Package Manager (npm) ecosystem has been discovered. This attack involves a novel self-replicating worm named "Shai-Hulud," which has compromised over 180 software packages, including widely used libraries. The worm operates by harvesting credentials, exfiltrating data, and automatically propagating itself through compromised developer accounts.

The attack likely originated from a phishing campaign spoofing npm. The malware scans for sensitive credentials, including npm tokens and cloud service API keys, and publicly exposes them on GitHub. This represents a significant evolution in supply chain threats, potentially leading to cloud service compromises, data theft, and lateral movement within networks.

Palo Alto Networks Unit 42 is actively investigating this threat. The Unit 42 Incident Response team can be engaged to help with a compromise or provide a proactive assessment to lower risk.


Background on npm Packages and the Supply Chain

The attack may have started with a credential-harvesting phishing campaign spoofing npm, tricking developers into updating their multi-factor authentication (MFA) login options. Once initial access was gained, the threat actor deployed a malicious payload functioning as a worm, initiating a multi-stage attack sequence.

Based on comments and emojis in the bash script, Unit 42 assesses with moderate confidence that the threat actor used an LLM to assist in writing the malicious code. The malicious package versions contain a worm executing a post-installation script that scans for sensitive credentials such as:

  • .npmrc files (for npm tokens)
  • Environment variables and configuration files targeting GitHub Personal Access Tokens (PATs) and API keys for cloud services like Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.

Harvested credentials are exfiltrated to an actor-controlled endpoint. The malware creates a new public GitHub repository named "Shai-Hulud" under the victim’s account, committing stolen secrets publicly. Using the stolen npm token, it authenticates to the npm registry as the compromised developer, identifies other packages maintained by that developer, injects malicious code into them, and publishes the new, compromised versions.

Current Scope of the Attack

The compromise is extensive, impacting numerous packages, including widely used ones like @ctrl/tinycolor. Credential theft can lead to cloud service compromises (AWS, Azure, GCP), resulting in data theft from storage buckets, ransomware deployment, cryptomining, or deletion of production environments.

Additionally, it may enable direct database theft and hijacking of third-party services for phishing. Stolen SSH keys can facilitate lateral movement within networks, posing a significant security risk.

Detection and Mitigation

To detect and mitigate this threat, organizations should:

  • Implement strict access controls and multi-factor authentication (MFA) for developer accounts.
  • Regularly review and rotate credentials and API keys.
  • Monitor for unusual activity in npm packages and GitHub repositories.
  • Use security tools to scan for exposed secrets and vulnerabilities in codebases.

The Unit 42 Incident Response team can assist with incident response, threat hunting, and proactive security assessments. Organizations should stay informed about emerging threats and best practices for securing their software supply chains.

Conclusion

The Shai-Hulud worm represents a significant escalation in npm attacks targeting the open-source community. Its self-replicating design combines credential harvesting with automated dissemination, exploiting maintainers’ existing publishing rights to proliferate across the ecosystem.

The campaign’s use of AI-generated content illustrates how malicious actors are adopting AI for harmful activity, and its public dumping of harvested credentials accelerates secret sprawl. Because these attacks propagate at the speed of Continuous Integration and Continuous Delivery (CI/CD) pipelines, they pose long-lasting security challenges.

Palo Alto Networks has shared findings with Cyber Threat Alliance (CTA) members to rapidly deploy protections and disrupt malicious cyber actors. Learn more about the Cyber Threat Alliance.


Copyright © 2025 ESSGroup
