Shai Hulud 20 Supply Chain Worm Exposed in One of the Most Devastating npm Breaches in Years

Listen to this Post

Featured Image

Introduction to a Silent, Spreading Software Crisis

A silent and destructive worm has been crawling through the global JavaScript ecosystem, rewriting the rules of supply chain security and leaving thousands of developers scrambling for answers. Known as Shai Hulud 2.0, this malware outbreak has quickly become one of the most far-reaching npm security incidents ever recorded. What began as a stealthy infiltration into poisoned npm packages has now escalated into a sprawling web of compromised repositories, exposed credentials, hijacked CI pipelines, and alarming cross-ecosystem contamination. The scale of the damage has forced researchers to confront a harsh reality. Attackers are no longer simply exploiting developer machines, they are colonizing the very infrastructure that powers modern software development.

Summary of the Original

Rising Tide of Compromised Repositories

Wiz Research and CIRT have reported more than 30000 compromised GitHub repositories, making Shai Hulud 2.0 one of the longest running supply chain intrusions in recent years.

Initial Discovery and Propagation Timeline

The worm was first detected on November 24, 2025 and continued spreading for days, proving it had a long tail of infections beyond the first discovery wave.

Abuse of Poisoned npm Packages

Attackers relied heavily on malicious npm package versions to distribute the worm, embedding credential stealing components within them.

Most Dangerous Packages Identified

Two poisoned packages, postman tunnel agent 0.6.7 and asyncapi specs 6.8.3, accounted for more than 60 percent of all infections due to their widespread adoption.

Automated Environments Became the Main Targets

Researchers found that the malware primarily executed in CI pipelines, not on developer laptops, with only about 23 percent of infections occurring on personal machines.

Dominance of GitHub Actions in the Infection Path

GitHub Actions was the most affected CI platform, followed by Jenkins, GitLab CI, and AWS CodeBuild, revealing serious weaknesses in automated build systems.

Cross Victim Exfiltration Behavior

When local GitHub credentials were missing, the worm searched for previously breached accounts marked with the signature phrase Sha1 Hulud The Second Coming.

Use of Prior Victim Credentials

Stolen tokens from earlier victims were reused to publish new malicious repositories, creating a complicated web of cross victim contamination.

Cross Ecosystem Spillover

The incident did not remain limited to npm. Attackers also exfiltrated an OpenVSX API key and poisoned an AsyncAPI IDE extension.

Mirroring Into Maven Ecosystem

Security firms confirmed that a Bun based payload was mirrored into the Java Maven ecosystem as posthog node 4.18.1, though no worm activity has been observed there yet.

Large Scale Credential Leakage

More than 30000 leaked repositories produced distinct contents files and secret outputs, revealing the depth of exposed sensitive information.

Confirmed Exposure of Over 500 GitHub Tokens

At least 500 GitHub credentials were found inside workflow secrets, immediately enabling attackers to spread their malicious repositories more efficiently.

TruffleHog Scanning Behavior

The malware used TruffleHog to search for secrets but without the verification flag, which resulted in 400000 raw secret entries but only about 2.5 percent verified.

Short Lived and Long Lived Credentials Mix

Many short lived JWT tokens were discovered, but researchers still identified hundreds of persistent high value secrets.

Valid npm Tokens Remained the Most Dangerous

Over 60 percent of leaked npm tokens were still active as of December 1, leaving the ecosystem exposed to further dependency hijacking.

Attempted Cloud Secret Collection

The malware attempted to collect cloud secrets, but a bug in cloud.json prevented large scale success.

Massive Evolution of Attack Techniques

Researchers warn that Shai Hulud 2.0 shows a clear shift toward attacking the entire software supply chain, not just individual machines.

Relevance to Earlier Campaigns

The operation appears to be connected to previous large scale credential harvesting events such as s1ngularity.

Warnings for the Future

Wiz concluded that attackers armed with this trove of leaked secrets will likely continue launching similar or larger campaigns.

What Undercode Say

Supply Chain Vulnerabilities Have Become Systemic

The scale of Shai Hulud 2.0 underscores a deeper issue. Modern software ecosystems depend on automated systems, open source packages, and interconnected developer tools. Attackers are now exploiting this dependency to attack the development workflow itself. Instead of targeting individual developers, they target the pipelines that build, test, and deploy code, which amplifies the blast radius of every compromised credential.

CI Pipelines Are the New Battleground

The fact that only a small portion of infections occurred on personal devices proves how attackers have adapted. CI environments are rich in secrets, usually poorly monitored, and sometimes misconfigured. When a malicious package executes inside a pipeline runner, the attacker gains automated access to credentials meant for deployment, publishing, testing, and cloud operations. This is why GitHub Actions became the central infection hub.

Cross Victim Propagation Indicates Professional Execution

The worm’s behavior of using credentials from prior victims to publish new repositories demonstrates a level of operational awareness not commonly seen in typical package malware. This technique complicates attribution and makes cleanup significantly harder. Organizations may see stolen data from unrelated victims within their own repos, increasing confusion during incident response.

Weak npm Token Hygiene Remains a Critical Threat

The persistence of npm tokens, with over 60 percent remaining valid, exposes a severe weakness in the ecosystem. Attackers know that developers often forget to revoke tokens. This provides an open door for package impersonation, malicious package publishing, and long term infiltration of project dependency trees.

Ecosystem Spillover Raises Red Flags

The involvement of Maven, OpenVSX, and AsyncAPI tools suggests a growing trend where attackers are testing cross platform infiltration. Even if worm like behavior has not fully manifested in these ecosystems, the mere presence of the payload indicates deliberate probing for weaknesses beyond JavaScript.

Automated Overcollection Implies Attackers Are Building Future Campaigns

With nearly 400000 raw secrets harvested, most unverified, attackers are likely creating databases to train future automated movements. Even if only a small percentage of these credentials are valid, the long term risk remains substantial because secrets rarely expire quickly in enterprise infrastructure.

Cloud Secret Harvesting May Return in Future Variants

Although the cloud.json collection failed at scale, the attempt alone signals intent. Cloud environments remain one of the most lucrative targets. Future iterations of the malware may refine this mechanism and potentially cause far more damage.

Threat Actors Understand the Dependency Graph

By choosing packages with notably wide install bases, attackers ensured maximum reach with minimal visibility. Dependency maintainers and CI providers must begin implementing more robust verification and anomaly monitoring to counter these widespread attacks.

The Attack Reflects a Larger Trend Toward Credential Warfare

From this incident and the earlier s1ngularity campaign, one pattern is undeniable. Attackers now prioritize identity theft at scale. Instead of breaching one company, they breach thousands at the infrastructure level. Every stolen token compounds the attack surface, leading to a chain reaction across ecosystems.

🔍 Fact Checker Results

Verified infections and compromised repositories match Wiz Research telemetry. ✅

Cross ecosystem contamination confirmed but limited worm activity outside npm. ✅

Cloud secret harvesting attempt occurred but was largely unsuccessful. ❌

📊 Prediction

Future variants of Shai Hulud style worms will likely target more CI providers and expand beyond npm. 🔮
Developers and platforms may begin enforcing stricter token expiration policies as a response. ⚠️
Cross ecosystem malware pipelines will become a dominant threat vector in coming years. 🚨

🕵️‍📝✔️Let’s dive deep and fact‑check.

References:

Reported By: cyberpress.org
Extra Source Hub (Possible Sources for article):
https://www.quora.com/topic/Technology
Wikipedia
OpenAi & Undercode AI

Image Source:

Unsplash
Undercode AI DI v2
Bing

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeNews & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky | 🐘Mastodon