
New Shai Hulud Malware Variant Turns Developers Into Supply Chain Attack Vectors, Expel Warns

 

A newly released report from managed detection and response firm Expel Inc. reveals an advanced variant of the Shai Hulud malware, highlighting how software supply chain attacks are moving beyond isolated malicious packages to large-scale, self-spreading campaigns that exploit developers as unwitting distribution channels.

Originally detected in September, the Shai Hulud malware campaign targets the JavaScript ecosystem and prioritizes supply chain compromise over conventional endpoint attacks. It spreads through trojanized Node Package Manager (npm) packages designed to steal credentials and replicate across developer environments.

According to Expel, the latest iteration of Shai Hulud automates the takeover of developer systems and the npm registry by combining credential harvesting, cloud secret extraction and rapid self-propagation. The malware is typically triggered during an npm install process on a developer’s machine or within continuous integration and continuous delivery pipelines.

Once activated, the malicious package initiates a two-stage infection process. In the first phase, it prepares the environment by installing the Bun JavaScript runtime if it is not already available. The second phase launches a highly obfuscated background payload responsible for stealing credentials, exfiltrating data and spreading the infection further.

The malware conducts extensive searches for sensitive information stored locally, including cloud access keys, npm publishing tokens and GitHub login credentials. It also uses the TruffleHog security scanning tool to comb through a victim’s home directory, identifying hard-coded secrets hidden in source code, configuration files and git history.

When cloud credentials are discovered, Shai Hulud escalates its activity by directly querying cloud-based secret management services such as Amazon Web Services Inc.’s Secrets Manager, Microsoft Corp.’s Azure Key Vault and Google LLC’s Cloud Secret Manager to retrieve additional confidential data.

Rather than relying on traditional command-and-control infrastructure, the malware blends into normal developer workflows by abusing GitHub services. Stolen credentials and system details are exfiltrated to newly created public GitHub repositories, while infected systems are registered as self-hosted GitHub Actions runners, providing attackers with persistent remote access.

To maintain and expand the campaign, Shai Hulud exploits compromised developer accounts by injecting malicious code into other npm packages owned by the victim. These altered packages are then automatically published to the registry, allowing the malware to continue spreading.

Expel estimates that the campaign has affected more than 25,000 repositories and hundreds of npm packages, including those linked to widely used developer tools. The report concludes that Shai Hulud signals a fundamental change in supply chain risk by targeting the trust mechanisms underlying modern software development. While the current activity is focused on npm, Expel cautions that similar attacks could surface in other ecosystems built on comparable trust models, such as PyPI, RubyGems and Composer.

Sha1-Hulud Malware Returns With Advanced npm Supply-Chain Attack Targeting Developers

 

A new wave of the Sha1-Hulud malware campaign has unfolded, marking a further escalation of supply-chain attacks against the software development ecosystem. The recent attacks have hit the Node Package Manager, or npm, one of the largest open-source package managers, which supplies JavaScript developers around the world. Once the attackers compromise vulnerable packages within npm, the malicious code executes automatically whenever developers unknowingly update to the affected versions. Current estimates indicate nearly 1,000 npm packages have been tampered with, thereby indirectly affecting tens of thousands of repositories.

Sha1-Hulud first came to light in September 2025, when it staged its first significant intrusion into npm's ecosystem. That campaign injected trojanized code into weakly secured open-source libraries, which then infected every development environment that had the components installed. The malware from the initial attack also carried a credential-harvesting feature, along with a worm-like mechanism for spreading the infection.

The latest version, seen in new activity, extends both the attack vector and its sophistication. Among other capabilities, it includes credential theft, self-propagation components, and a destructive "self-destruct" module that aims to delete user data if interference with the malware is detected. The malware now demonstrates wide platform compatibility, running across Linux, macOS, and Windows systems, and introduces abuse of GitHub Actions for remote code execution.

The infection chain starts with a modified installation sequence. In their package.json file, the compromised npm packages carry a pre-install script named setup_bun.js. Posing as a legitimate installer for the Bun JavaScript runtime, the script drops a 10 MB heavily obfuscated payload named bun_environment.js. From there, the malware searches for tokens, API keys, GitHub credentials, and other sensitive authentication data, and it leverages tools like TruffleHog to find more secrets. The stolen data is then automatically uploaded to a public repository created under the victim's GitHub account and named "Sha1-Hulud: The Second Coming," making those files accessible not just to the attackers but to anyone browsing the repository.

The malware then uses the stolen npm authentication tokens to compromise new packages maintained by the victim. It injects the same malicious scripts into those packages and republishes them with updated version numbers, triggering automatic deployment across dependent systems. If the victim tries to block access or remove components, the destructive fail-safe is initiated, which wipes home directory files and overwrites data sectors, significantly reducing the chances of data recovery.

Security teams are encouraged to temporarily stop updating npm packages, conduct threat-hunting activities for the known IoCs, rotate credentials, and reevaluate controls on supply-chain risk. The researchers recommend treating any system showing signs of infection as completely compromised.

Shai-Hulud 2.0 Breach Exposes 400,000 Secrets After Massive NPM Supply-Chain Attack

 

The second wave of the Shai-Hulud malware attack last week led to the exposure of nearly 400,000 raw secrets after compromising hundreds of NPM (Node Package Manager) packages and leaking stolen data across more than 30,000 GitHub repositories.

While only around 10,000 of those secrets were confirmed as valid using the TruffleHog open-source scanning tool, cloud security company Wiz reports that over 60% of the NPM tokens leaked in this incident were still active as of December 1st.

Shai-Hulud first surfaced in mid-September, infecting 187 NPM packages with a worm-like payload. The malware scanned systems for account tokens using TruffleHog, injected a harmful script into the targeted packages, and then automatically republished them.

In the latest attack, the threat escalated—impacting more than 800 packages (including all affected versions) and adding a destructive feature capable of wiping a victim’s home directory under specific conditions.

During their review of the secrets spilled by Shai-Hulud 2.0 into over 30,000 GitHub repositories, Wiz researchers found several types of sensitive files exposed:

  • About 70% of repositories contained a contents.json file with GitHub usernames, tokens, and file snapshots

  • Around 50% stored truffleSecrets.json with TruffleHog scan results

  • Nearly 80% included environment.json, which revealed OS details, CI/CD metadata, npm package information, and GitHub credentials

  • 400 repositories had actionsSecrets.json, exposing GitHub Actions workflow secrets

Wiz notes that the malware used TruffleHog without the --only-verified flag, meaning the full set of 400,000 leaked secrets only matched valid formats—they weren’t necessarily functional. Even so, the dataset still contained active credentials.

“While the secret data is extremely noisy and requires heavy deduplication efforts, it still contains hundreds of valid secrets, including cloud, NPM tokens, and VCS credentials,” Wiz explained.

“To date, these credentials pose an active risk of further supply chain attacks. For example, we observe that over 60% of leaked NPM tokens are still valid.”

From the 24,000 environment.json files analyzed, nearly half were unique. About 23% originated from developer machines, with the remainder linked to CI/CD systems or similar automated environments.

The investigation also showed that 87% of compromised machines were running Linux, and 76% of infections occurred within containerized environments. Among CI/CD services, GitHub Actions was the most affected, followed by Jenkins, GitLab CI, and AWS CodeBuild.

When examining which packages were hit hardest, Wiz identified @postman/tunnel-agent@0.6.7 and @asyncapi/specs@6.8.3 as the most impacted—together accounting for over 60% of all infections. Researchers believe the overall damage could have been significantly reduced if these key packages had been flagged and taken down early.

The infection pattern also revealed that 99% of attacks triggered during the preinstall event, specifically through the node setup_bun.js script. The few anomalies observed were likely test runs.

Wiz warns that the operators behind Shai-Hulud are likely to continue refining their methods. The team expects more waves of supply-chain attacks powered by the extensive trove of leaked credentials gathered so far.

$116 Million at Risk as Balancer Suffers Major Smart Contract Breach

 

Security experts are becoming increasingly concerned about a developing anomaly in the JavaScript ecosystem after researchers discovered a massive cluster of self-replicating npm packages that seem to have no technical function but instead indicate a well-thought-out and financially motivated scheme. Over 43,000 of these packages—roughly 1% of the whole npm repository—were covertly uploaded over a two-year period using at least 11 synchronized accounts, according to recent research by Endor Labs. 

The libraries automatically reproduce themselves when downloaded and executed, filling the ecosystem with nearly identical code, even though they do not behave like traditional malware—showing no indicators of data theft, backdoor deployment, or system compromise. Investigators caution that even while these packages are harmless at the moment, their size and consistent behavior could serve as a channel for harmful updates in the future. 

With many packages containing tea.yaml files connected to TEA cryptocurrency accounts, early indications also point to a potential monetization plan, indicating the operation may be built to farm tokens at scale. The scope and complexity of the program were exposed by more research in the weeks that followed. 

In late October, clusters of unusual npm uploads were first observed by Amazon's security experts using improved detection algorithms and AI-assisted monitoring. By November 7, hundreds of suspicious packages had been found, and by November 12, over 150,000 malicious entries had been linked to a network of coordinated developer accounts. 

What had started out as a few dubious packages swiftly grew into a huge discovery. They were all connected to the tea.xyz token-farming initiative, a decentralized protocol that uses TEA tokens for staking, incentives, and governance to reward open-source contributions. Instead of using ransomware or credential stealers, the attackers flooded the registry with self-replicating packages that were made to automatically create and publish new versions.

As unwary developers downloaded or interacted with the contaminated libraries, the perpetrators silently accumulated token rewards. Each package was connected to blockchain wallets under the attackers' control by embedded tea.yaml files, which made it possible for them to embezzle profits from lawful community activities without drawing attention to themselves. The event, according to security experts, highlights a broader structural flaw in contemporary software development, where the speed and transparency of open-source ecosystems may be readily exploited at scale. 

Amazon's findings show how AI-driven automation has made it easy for attackers to publish large quantities of junk or dangerous packages in a short amount of time, according to Manoj Nair, chief innovation officer at Snyk. He emphasized that developers should use behavior-based scanning and automated dependency-health controls to identify low-download libraries, template-reused content, and abrupt spikes in mass publishing before such components enter their build pipelines, as manual review is no longer sufficient.

In order to stop similar operations before they start, he continued, registry operators must also change by proactively spotting bulk uploads, duplicate code templates, and oddities in metadata. Suzu CEO Michael Bell shared these worries, claiming that the discovery of 150,000 self-replicating, token-farming npm packages shows why attackers frequently have significantly more leverage when they compromise the development supply chain than when they directly target production systems. 

Bell cautioned that companies need to treat build pipelines and dependency chains with the same rigor as production infrastructure because shift-left security is becoming the standard. This includes implementing automated scans, keeping accurate software bills of materials, enforcing lockfiles to pin trusted versions, and verifying package authenticity before installation. He pointed out that once malicious code enters production, defenders are already reacting to a breach rather than stopping an assault. 

The researchers discovered that by incorporating executable scripts and circular dependency chains into package.json files, the campaign took advantage of npm's installation procedures. In actuality, installing one malicious package set off a planned cascade that increased replication and tea.xyz teaRank scores by automatically installing several more.

The operation created significant risks by flooding the registry with unnecessary entries, taxing storage and bandwidth resources, and increasing the possibility of dependency confusion, even if the packages did not include ransomware or credential-stealing payloads. Many of the packages shared cloned code, had tea.yaml files connecting them to attacker-controlled blockchain wallets, and used standard naming conventions. Amazon recommended that companies assess their current npm dependencies, eliminate subpar or non-functional components, and bolster their supply-chain defenses with separated CI/CD environments and SBOM enforcement. 

The event adds to a growing number of software supply-chain risks that have led government organizations, such as CISA, to release new guidelines aimed at enhancing resilience throughout development pipelines. As the inquiry comes to an end, the campaign serves as a sobering reminder that supply-chain integrity can no longer be ignored. The scope of this issue demonstrates how readily automation may corrupt open-source ecosystems and take advantage of community trust for commercial gain if left unchecked.

Stronger verification procedures throughout development pipelines, ongoing dependency auditing, and stricter registry administration are all necessary, according to experts. In addition to reducing such risks, investing in clear information, resilient tooling, and cross-industry cooperation will support the long-term viability of the software ecosystems that contemporary businesses rely on.

Nx "s1ngularity" Supply Chain Attack Exposes Thousands of Secrets

 

The recent Nx "s1ngularity" NPM supply chain attack has led to a massive security fallout, exposing thousands of account tokens and repository secrets, according to Wiz researchers.

A post-incident analysis revealed that the breach compromised 2,180 accounts and 7,200 repositories in three distinct attack phases. Wiz emphasized that the impact is still unfolding, as many of the leaked secrets remain valid.

Nx, a widely used open-source build system and monorepo management tool in enterprise-scale JavaScript/TypeScript projects, has over 5.5 million weekly downloads on the NPM registry.

How the Attack Happened

On August 26, 2025, threat actors exploited a flawed GitHub Actions workflow in the Nx repository. This enabled them to publish a malicious version of Nx on NPM containing a post-install malware script called telemetry.js.

The telemetry.js malware targeted Linux and macOS systems, attempting to steal sensitive data such as GitHub tokens, npm tokens, SSH keys, .env files, and even crypto wallets. The stolen data was then uploaded to public repositories under the name "s1ngularity-repository."

What set this breach apart was the attacker’s use of AI command-line tools like Claude, Q, and Gemini. These tools were driven with changing LLM prompts to hunt for and extract secrets.

"The evolution of the prompt shows the attacker exploring prompt tuning rapidly throughout the attack. We can see the introduction of role-prompting, as well as varying levels of specificity on techniques," explained Wiz.

"These changes had a concrete impact on the success of the malware. The introduction of the phrase ‘penetration testing’, for example, was concretely reflected in LLM refusals to engage in such activity."

Three Phases of the Attack

Phase 1 (Aug 26–27): Backdoored Nx packages impacted around 1,700 users, leaking more than 2,000 unique secrets and exposing 20,000 files from infected systems. GitHub removed attacker-created repositories within eight hours, but the stolen data had already been duplicated.

Phase 2 (Aug 28–29): Using stolen GitHub tokens, attackers flipped private repositories to public, renaming them with the “s1ngularity” tag. This compromised 480 more accounts (mostly organizations) and exposed 6,700 private repositories.

Phase 3 (from Aug 31): The attackers focused on a single organization, using two compromised accounts to publish another 500 private repositories.

Root Cause & Response

The Nx team later confirmed that the breach stemmed from a pull request title injection combined with insecure use of pull_request_target. This flaw allowed attackers to execute arbitrary code with elevated permissions, triggering Nx’s publish pipeline and stealing the npm publishing token.

In response, Nx revoked compromised tokens, adopted two-factor authentication, and migrated to NPM’s Trusted Publisher model, which eliminates token-based publishing. Additionally, manual approvals are now required for pull request-triggered workflows.
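
The root cause described above, a pull request title expanded inside a shell step of a pull_request_target workflow, can be caught with a simple lint over workflow files. This is an added example, not Nx's or Wiz's code; both workflows are constructed, and the check also covers the PR body and head branch name, which the page does not mention but which are equally user-supplied.

```javascript
// Attacker-controllable contexts. The page names the PR title; body and head
// ref are added here as an assumption because they are also user-supplied.
const UNTRUSTED = /\$\{\{\s*github\.(?:event\.pull_request\.(?:title|body|head\.ref)|head_ref)\s*\}\}/g;

// Flag untrusted expressions that are expanded inside `run:` shell scripts.
function lintWorkflow(yamlText) {
  const lines = yamlText.split('\n');
  const privileged = lines.some((l) => !l.trim().startsWith('#') && /\bpull_request_target\b/.test(l));
  const findings = [];
  let runIndent = -1; // indent of the active `run:` key, -1 when outside one
  lines.forEach((line, i) => {
    const indent = line.search(/\S/);
    if (runIndent >= 0 && indent >= 0 && indent <= runIndent) runIndent = -1; // block ended
    let script = runIndent >= 0 ? line : null;
    const key = /^(\s*(?:-\s+)?)run:\s*(.*)$/.exec(line);
    if (runIndent < 0 && key) {
      runIndent = key[1].length;
      script = key[2]; // inline script, or "|" when a block scalar follows
    }
    if (script === null) return;
    for (const m of script.matchAll(UNTRUSTED)) {
      findings.push({ line: i + 1, expr: m[0], severity: privileged ? 'high' : 'medium' });
    }
  });
  return findings;
}

// Constructed workflow: the title is pasted into the shell script text itself.
const VULNERABLE = [
  'on:',
  '  pull_request_target:',
  'jobs:',
  '  validate:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - name: Validate PR title',
  '        run: |',
  '          echo "Title: ${{ github.event.pull_request.title }}"',
].join('\n');

// Constructed fix: unprivileged trigger, title passed as data through env.
const HARDENED = [
  'on:',
  '  pull_request:',
  'jobs:',
  '  validate:',
  '    runs-on: ubuntu-latest',
  '    steps:',
  '      - name: Validate PR title',
  '        env:',
  '          PR_TITLE: ${{ github.event.pull_request.title }}',
  '        run: |',
  '          echo "Title: $PR_TITLE"',
].join('\n');

console.log(lintWorkflow(VULNERABLE), lintWorkflow(HARDENED));
```

The lint is line-based rather than a full YAML parse, so it is a triage aid for review and not a substitute for a dedicated workflow analyzer.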