Threat actors launched a sophisticated software supply chain attack that targets the npm registry and compromises over 40 packages maintained by multiple developers. The self-replicating worm, dubbed “Shai-Hulud”, automates the infection of downstream dependencies. Review the details in this Cybersecurity Threat Advisory to help mitigate its impact.
What is the threat?
The first identified malicious version was published on September 14, 2025. The attack is initiated by a malicious payload injected into compromised package versions. The malicious code, a minified bundle.js file, executes during the npm install process in Linux or macOS environments. It executes a bundle.js script designed to search for secrets on the host using TruffleHog (a credential scanning tool) and attempt to collect tokens/credentials such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, etc. It spreads automatically. After compromising a maintainer’s account, the worm hijacks their npm token and publishing rights to infect other packages under their control.
Why is it noteworthy?
The malware is designed to steal credentials and exfiltrate data. More than 40 npm packages contain confirmed malicious versions, and researchers continue to uncover additional affected packages. Some reports say 180+ packages overall have been impacted. Since the worm can automatically republish to all packages under a compromised maintainer’s control, the infection can cascade and propagate widely across downstream dependencies. By creating workflows in repositories, the malware can persist beyond removal of the package, as CI pipelines may re-trigger exfiltration or run malicious code. Many earlier supply chain attacks relied on human interaction to compromise downstream packages. In contrast, this mechanism spreads automatically by executing malicious code without user involvement.
What is the exposure or risk?
This attack poses severe risks, including:
- Supply chain contamination: The self-propagating nature of the worm enables it to automatically infect other packages maintained by the compromised user, leading to a cascading effect across the npm ecosystem.
- Credential theft: Exposure or compromise of tokens (GitHub, npm, cloud provider) leading to unauthorized access, repository takeover, publishing rights abuse, etc.
- Persistent backdoors: By creating workflows in repositories, the malware can persist beyond removal of the package, as CI pipelines may re-trigger exfiltration or run malicious code.
- Reputation and supply chain disruption: Infected packages can damage maintainers’ reputations and expose organizations to data breaches, compliance violations, and expensive incident response efforts.
What are the recommendations?
Barracuda recommends the following actions to limit the impact this supply chain attack:
- Remove or upgrade to versions that are unaffected. If no safe version exists, replace the package, or fork it after verifying source.
- Audit cloud infrastructure for compromise:
- AWS – Check CloudTrail for suspicious secret access and review IAM credential reports for unusual activity.
- GCP – Review secret manager access logs and check for unauthorized service account key creation.
- Network monitoring:
- Block outbound connections to site domains immediately.
- Monitor firewall logs for connections to https://webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7.
- Github security hardening:
- Review and remove unnecessary GitHub Apps and OAuth applications.
- Audit all repository webhooks for unauthorized additions.
- Set up alerts for any new npm publishes from your organization.
Reference
For more in-depth information about the recommendations, please visit the following link:
If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.
This post originally appeared on Smarter MSP.