TT-CSIRT – 453.24.09.25 – Shai-Hulud Self-Replicating Worm Supply Chain Compromise
Please be advised that CISA has issued a critical alert regarding a widespread supply chain attack involving npmjs.com, the largest JavaScript package registry. A self-replicating worm named “Shai-Hulud” has compromised over 500 npm packages. After gaining initial access, the attacker deployed malware that scans for sensitive credentials such as GitHub Personal Access Tokens (PATs) and cloud service API keys for AWS, GCP, and Azure.
Attack Details:
- The malware exfiltrates harvested credentials to a command-and-control endpoint controlled by the actor.
- Stolen credentials are uploaded to a public GitHub repository named Shai-Hulud via the GitHub user/repos API.
- The worm uses stolen developer credentials to authenticate to npm, injecting malicious code into other packages.
- Compromised versions of packages are published to the npm registry, allowing automated, rapid spread and persistence.
- The attack propagates autonomously by exploiting existing trust in the open-source ecosystem through post-install scripts.
- The worm also deploys Unix shell scripts and uses tools such as TruffleHog to discover more secrets and broaden its impact.
Recommended Mitigations:
- Conduct comprehensive dependency reviews of all software using npm packages.
- Identify affected packages via package-lock.json or yarn.lock files, including transitive dependencies.
- Search artifact repositories and package caches for compromised versions.
- Pin package versions to safe releases published before September 16, 2025.
- Immediately rotate all developer and CI/CD credentials.
- Enforce phishing-resistant MFA for all developer accounts, especially on critical platforms like GitHub and npm.
- Monitor network traffic for anomalous behavior and block outbound connections to suspicious domains such as webhook.site.
- Audit and harden GitHub configurations by removing unnecessary apps and OAuth tokens and by auditing repository webhooks and secrets.
- Enable branch protection rules, GitHub Secret Scanning alerts, and Dependabot security updates.
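As an added example that is not part of this advisory, the following Node script carries out the lockfile review recommended above: it walks package-lock.json (lockfileVersion 2 or 3, whose flat "packages" map already includes transitive dependencies), reports any entry matching a known-bad name@version list, and flags entries that declare install scripts, since post-install scripts are the propagation mechanism described. The indicator list and the sample lockfile are constructed placeholders; substitute the indicator list published for the incident.

```javascript
// Audit a package-lock.json for the npm supply-chain compromise described above.
// Assumes lockfileVersion 2 or 3 (flat "packages" map covering transitive deps).
// Constructed example, not code from TT-CSIRT or CISA.

// PLACEHOLDER indicator list: replace with the published name@version indicators.
const COMPROMISED = new Set([
  "example-compromised-pkg@9.9.9", // placeholder, fictitious package
]);

// Derive the package name from a lockfile path, keeping scoped names intact:
// "node_modules/a/node_modules/@s/b" -> "@s/b"
function packageName(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? key : key.slice(i + marker.length);
}

// Returns { hits, installScripts }: hits are exact indicator matches,
// installScripts are entries that run install/postinstall hooks and merit review.
function auditLockfile(lockfile, compromised = COMPROMISED) {
  if (!lockfile.packages) {
    throw new Error("expected lockfileVersion 2 or 3 with a 'packages' map");
  }
  const hits = [];
  const installScripts = [];
  for (const [key, entry] of Object.entries(lockfile.packages)) {
    if (key === "") continue; // root project entry, not a dependency
    const id = `${packageName(key)}@${entry.version}`;
    if (compromised.has(id)) hits.push({ path: key, id });
    if (entry.hasInstallScript) installScripts.push({ path: key, id });
  }
  return { hits, installScripts };
}

// Constructed sample lockfile; all names and versions are fictitious.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { "left-helper": "^1.0.0" } },
    "node_modules/left-helper": { version: "1.0.0" },
    "node_modules/left-helper/node_modules/example-compromised-pkg": {
      version: "9.9.9", hasInstallScript: true },
    "node_modules/@acme/tooling": { version: "2.1.0", hasInstallScript: true },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

For a real project, load the lockfile with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` and pass it to `auditLockfile`; anything in `installScripts` should be reviewed even when it is not on the indicator list.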
This supply chain compromise highlights the escalating risks and the need for rigorous access controls, credential hygiene, and proactive detection strategies in development environments.