The NPM ecosystem is once again facing a serious supply chain attack. While the previous Shai-Hulud infection was mainly known for the large number of packages affected, the new campaign shows that the impact goes far beyond code distribution.
Research by cloud security company Wiz shows that large amounts of data have been stolen and made public via tens of thousands of GitHub repositories.
Information from the analysis shows that this time, the attackers focused more on collecting and distributing sensitive data than on rapidly infecting package versions. According to Wiz, approximately 400,000 raw secrets were stolen, ranging from access tokens to configuration data from CI and development environments.
Notably, according to the researchers, a significant portion of the stolen NPM tokens were still valid at the time the leak was discovered. This means that the attack not only provides a retrospective view of what went wrong, but also poses a real and ongoing risk of new compromises.
Shai-Hulud 2.0 spread via hundreds of infected package versions, writes BleepingComputer. The malicious behavior was almost always triggered from NPM’s preinstall lifecycle script, which runs automatically during package installation; there, a script called setup_bun.js was responsible for collecting tokens, injecting additional code, and republishing packages under victims’ accounts. A small number of packages were responsible for a large proportion of the infections, allowing the campaign to spread quickly and efficiently.
New variant has destructive function
Wiz also describes how the new variant contains a destructive function that, under certain circumstances, deletes a victim’s entire home directory. Although this behavior does not appear to have been widely activated, according to the researchers, it shows that supply chain malware is evolving from mere data theft to functionality that can cause direct damage within development environments and CI infrastructures.
A large number of the affected systems consisted of Linux containers that were part of automation processes. Many infections appeared to be related to GitHub Actions, followed by other CI platforms such as Jenkins, GitLab CI, and AWS CodeBuild. This confirms that modern attacks are increasingly targeting automated build pipelines, where access tokens and publishing rights are present and where abuse can have a direct impact on the integrity of software delivery.
The repositories in which the stolen data was stored contained various types of information, such as file snapshots, system data, scan results, and workflow secrets from GitHub Actions. Although much of the data is unusable due to the large amount of noise, according to Wiz, the collection does contain hundreds of usable credentials that can be used immediately for follow-up campaigns.
Entire development chain affected
A previous Techzine article already discussed the reappearance of the Shai-Hulud worm within NPM. However, the new findings show that the scale of the campaign was much larger than initially thought. What starts as a package infection ultimately turns out to be an attack that affects the entire development chain, from local machines to automated CI environments.
According to the researchers, it is likely that the group behind Shai-Hulud will continue to refine its attack techniques. The volume of data stolen makes it attractive to carry out follow-up operations, possibly more targeted and with greater knowledge of the internal processes at victims’ sites. Organizations that rely on NPM and CI platforms are therefore urged to reevaluate their security processes and, in particular, to critically review the way tokens are managed.