A newly released report from managed detection and response firm Expel Inc. reveals an advanced variant of the Shai Hulud malware, highlighting how software supply chain attacks are moving beyond isolated malicious packages to large-scale, self-spreading campaigns that exploit developers as unwitting distribution channels.

Originally detected in September, the Shai Hulud malware campaign targets the JavaScript ecosystem and prioritizes supply chain compromise over conventional endpoint attacks. It spreads through trojanized Node Package Manager (npm) packages designed to steal credentials and replicate across developer environments.

According to Expel, the latest iteration of Shai Hulud automates the takeover of developer systems and the npm registry by combining credential harvesting, cloud secret extraction and rapid self-propagation. The malware is typically triggered during an npm install process on a developer’s machine or within continuous integration and continuous delivery pipelines.

Once activated, the malicious package initiates a two-stage infection process. In the first phase, it prepares the environment by installing the Bun JavaScript runtime if it is not already available. The second phase launches a highly obfuscated background payload responsible for stealing credentials, exfiltrating data and spreading the infection further.

The malware conducts extensive searches for sensitive information stored locally, including cloud access keys, npm publishing tokens and GitHub login credentials. It also uses the TruffleHog security scanning tool to comb through a victim’s home directory, identifying hard-coded secrets hidden in source code, configuration files and git history.

When cloud credentials are discovered, Shai Hulud escalates its activity by directly querying cloud-based secret management services such as Amazon Web Services Inc.’s Secrets Manager, Microsoft Corp.’s Azure Key Vault and Google LLC’s Cloud Secret Manager to retrieve additional confidential data.

Rather than relying on traditional command-and-control infrastructure, the malware blends into normal developer workflows by abusing GitHub services. Stolen credentials and system details are exfiltrated to newly created public GitHub repositories, while infected systems are registered as self-hosted GitHub Actions runners, providing attackers with persistent remote access.

To maintain and expand the campaign, Shai Hulud exploits compromised developer accounts by injecting malicious code into other npm packages owned by the victim. These altered packages are then automatically published to the registry, allowing the malware to continue spreading.

Expel estimates that the campaign has affected more than 25,000 repositories and hundreds of npm packages, including those linked to widely used developer tools. The report concludes that Shai Hulud signals a fundamental change in supply chain risk by targeting the trust mechanisms underlying modern software development. While the current activity is focused on npm, Expel cautions that similar attacks could surface in other ecosystems built on comparable trust models, such as PyPI, RubyGems and Composer.