A large-scale cyberattack has once again hit the NPM ecosystem. Following the first Shai-Hulud worm in September, more than 1,000 package versions have now been compromised. The attack focuses on stealing credentials and spreads automatically via NPM packages.
A few months after the first major attack in September, the package registry was once again hit by a variant of the Shai-Hulud worm. In addition to the original 459 identified packages, the JFrog research team discovered another 181 compromised versions. The attack now covers more than 1,000 package versions.
The malware works similarly to the previous attack. It is a self-propagating worm that steals user secrets, uploads them to a public GitHub repo, and then repackages itself into all available NPM packages belonging to the user. The attackers are using a new payload in bun_environment.js instead of bundle.js.
Sha1-Hulud: The Second Coming
The attackers have dubbed this campaign “Sha1-Hulud: The Second Coming.” This is visible in the repository descriptions where stolen credentials are stored. The new variant generates random repository names instead of the predictable “/shai-hulud” structure of the first attack.
The malware steals access tokens from various providers, including GitHub, NPM, AWS, GCP, and Azure. All credentials that TruffleHog can identify are also taken. The range of supported providers for that tool is broad.
Affected developers must act quickly
Users with one of the compromised package versions must take immediate action. All access tokens stored on the affected machine must be reset. This applies to the aforementioned providers and all other services that TruffleHog recognizes.
Users should check their GitHub account for new repositories with random names. These may contain files such as contents.json, environment.json, cloud.json, actionsSecrets.json, and truffleSecrets.json. For NPM accounts, it is important to check for new package versions with a post-install script that executes “node setup_bun.js”. Any such versions must be removed immediately.
JFrog Xray and Curation customers are fully protected against this attack vector. All packages from the campaign are marked as malware. Curation customers are advised to enable Compliant Version Selection. This transparently serves the latest non-malicious version of each package. Activating the “Package version is immature” policy also helps. This blocks package versions that are too new, keeping organizations immune to similar dependency hijack attacks.