Listen to this Post
In a startling new development for the open-source community, security researchers have uncovered a fresh supply chain attack under the infamous Mini Shai-Hulud campaign. This latest incident has compromised over 320 NPM packages, GitHub Actions workflows, and even a VS Code extension, putting millions of developers and applications at risk. With the attack targeting high-profile packages, including the widely used timeago.js and echarts-for-react, the implications extend far beyond the initial compromise, impacting continuous integration pipelines and a broad spectrum of downstream software.
Attack Overview: Compromised Maintainers and High-Impact Packages
The attack originated through the NPM maintainer account ‘atool’, which manages multiple packages in the @antv namespace. Timeago.js, a package with roughly 1.5 million weekly downloads, was exploited to propagate malicious versions. Microsoft warns that downstream packages like echarts-for-react (~1.1 million weekly downloads) were affected, amplifying the potential damage across numerous applications and CI environments.
Socket reports that approximately 639 malicious versions were published in this campaign across ecosystems involved in data visualization, charting, mapping, and React components. Expanding the picture, the Mini Shai-Hulud campaign spans multiple platforms, including NPM, PyPI, and Composer, with 1,048 NPM versions across 498 packages alone.
How the Attack Works: Multi-Stage Infection
The compromised packages typically include install-time payloads that trigger a multi-stage infection chain. These payloads fetch secondary malware from GitHub-hosted infrastructure, designed to steal credentials and establish persistence. StepSecurity highlights that every affected package contains an obfuscated payload capable of:
Reading GitHub Actions runner memory to extract masked CI/CD secrets.
Harvesting credentials from over 130 file paths, including AWS, GCP, Azure, Kubernetes, HashiCorp Vault, cryptocurrency wallets, and developer tools.
Exfiltrating stolen data via GitHub repositories and fallback servers.
NPM Registry Abuse and Remote Execution
Socket researchers revealed that the malware abuses NPM registry functionality. It validates tokens, enumerates maintainable packages, downloads tarballs, injects malicious payloads, adds preinstall hooks, bumps versions, and republishes under the compromised maintainer’s identity.
Wiz security notes a new capability: the malware now downloads and executes Python code from attacker-controlled infrastructure, effectively giving operators ongoing remote execution on infected systems. StepSecurity also identified persistent backdoors in Claude Code and detected exfiltrated data in over 2,200 GitHub repositories.
Broader Impacts: PyPI and GitHub Actions
The attack didn’t stop at NPM. Microsoft’s Durabletask Python SDK saw three malicious versions uploaded to PyPI in a 35-minute window, illustrating the cross-platform reach. Additionally, GitHub Action actions-cool/issues-helper was compromised, highlighting the attackers’ focus on CI/CD pipelines as high-value targets.
What Undercode Says: Security Analysis
This latest Mini Shai-Hulud campaign underscores several critical trends in software supply chain attacks:
Targeting Maintainers Is More Effective than Targeting Users: Compromising a single maintainer account like ‘atool’ can ripple across hundreds of packages, showing the exponential impact of supply chain attacks.
Multi-Stage Payloads Increase Damage Potential: The combination of credential harvesting, persistent backdoors, and remote execution capabilities represents a sophisticated, multi-vector attack strategy. Developers and organizations relying on these packages are exposed not just to immediate data leaks but also to long-term system compromise.
Cross-Platform Infiltration Shows Growing Sophistication: By targeting NPM, PyPI, and Composer simultaneously, the attackers ensure that their reach spans multiple developer ecosystems. This cross-platform nature reflects a strategic escalation from earlier campaigns.
CI/CD Systems Are a High-Value Target: Extracting secrets from GitHub Actions and other CI/CD runners allows attackers to move laterally within development and production environments, gaining privileged access to cloud accounts and internal systems.
Obfuscation and Automation Make Detection Hard: The malware’s ability to obfuscate its payloads, validate tokens, and automatically republish packages under trusted identities makes traditional detection approaches ineffective. Organizations must adopt runtime monitoring and proactive dependency scanning.
Persistent Remote Execution Raises Long-Term Risks: The Python remote code execution capability means infected systems may remain vulnerable indefinitely, even after initial package removal.
Wider Ecosystem Awareness Is Essential: The involvement of high-profile libraries like echarts-for-react suggests that even well-maintained projects are at risk. The attack reinforces the need for global security awareness and cross-collaboration among maintainers.
Future Attacks Will Likely Target Popular CI/CD Tools: Given the success of targeting GitHub Actions and popular SDKs, attackers may increasingly focus on critical developer infrastructure rather than just libraries.
Credential Theft Is the Gateway to Larger Exploits: With harvested credentials spanning AWS, Azure, GCP, and crypto wallets, attackers can pivot to financial theft, cloud resource abuse, and ransomware operations.
Organizational Mitigation Must Include Multi-Layered Defense: From automated dependency checks to secret scanning in CI/CD, organizations must implement multi-tiered safeguards to detect and mitigate similar attacks early.
🔍 Fact Checker Results
✅ Mini Shai-Hulud campaign has indeed targeted over 320 NPM packages.
✅ Timeago.js and echarts-for-react were confirmed compromised.
✅ Data exfiltration from CI/CD secrets and cloud credentials aligns with multiple independent security reports.
📊 Prediction
Given the increasing sophistication of supply chain attacks, the Mini Shai-Hulud campaign likely signals a new wave of cross-platform software compromises. Expect attackers to increasingly focus on:
CI/CD pipelines and developer toolchains as high-value targets.
Automated package manipulation to scale attacks without direct human intervention.
Cross-ecosystem attacks affecting multiple programming languages and package registries simultaneously.
Organizations that rely heavily on open-source dependencies will need real-time dependency monitoring, secret scanning, and anomaly detection in CI/CD workflows to mitigate potential damage. If unaddressed, similar campaigns could escalate into major cloud breaches and systemic software disruptions in 2026.
If you want, I can also
create a visual flowchart showing how this Multi-Stage Mini Shai-Hulud infection works, which would make it very easy to understand for developers and security teams. Do you want me to do that?
🕵️📝Let’s dive deep and fact‑check.
References:
Reported By: www.securityweek.com
Extra Source Hub (Possible Sources for article):
https://www.stackexchange.com
Wikipedia
OpenAi & Undercode AI
Image Source:
Unsplash
Undercode AI DI v2
Bing
🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]
📢 Follow UndercodeNews & Stay Tuned:
𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon | 📺Youtube
