Security experts have warned of a major new secret-stealing worm roaming the npm ecosystem which could affect millions of downstream users.
Shai-Hulud first appeared in September, when threat actors hijacked npm developers’ accounts through social engineering and installed trojanized packages. These proceeded to scan for sensitive data like AWS keys and GitHub tokens, exfiltrating them to attacker-controlled repositories.
To spread, the worm-like malware would also look for other packages maintained by the targeted developers and create a new, malicious version. According to Mondoo it compromised 180 packages by the end of September, disrupting global CI/CD workflows.
The so-called “Second Coming” of Shai-Hulud is targeting popular projects like Zapier and PostHog. According to Wiz Security, as of yesterday it had already infected more than 700 packages with over 100 million downloads.
Although GitHub is removing attacker-created repositories and malicious packages are being removed from npm, Wiz said the worm is scaling rapidly, with 1000 new repos discovered every 30 minutes.
“Given the campaign’s scale, pace, and ability to steal secrets, teams should urgently review dependencies and deploy remediation steps,” it warned.
Read more on Shai-Hulud: Shai-Hulud Worm Prowls npm to Steal Hundreds of Secrets
It’s unclear whether the threat actors behind Shai-Hulud 2 are the same as the ones that masterminded the first iteration, although the new version has several new features – notably it can infect up to 100 npm packages, compared to 20 last time.
Mondoo warned that the worm could lead to data breaches, “ransomware footholds” and general loss of trust in the npm ecosystem.
“The worm poses a significant risk to the software industry and end users since it can autonomously steal sensitive developer credentials and propagate itself across hundreds of open-source software packages in the npm ecosystem,” it added.
“Since npm packages are integrated into millions of applications and systems globally, this means that even a single compromise can potentially affect millions of downstream users and organizations.”
Garrett Calpouzos, principal security researcher at Sonatype, warned that the malware used in the new version has an unusual structure, in that it’s split into two files in an apparent bid to evade detection.
“The first checks for and installs a non-standard ‘bun’ JavaScript runtime, and then uses bun to execute the actual rather massive malicious source file that publishes stolen data to .json files in a randomly named GitHub repository,” he explained.
“What’s particularly interesting is how the size and structure of the file appear to confuse AI analysis tools. It’s so large that it exceeds a normal context window and the models can’t keep track of everything they’re reading. I’ve asked both ChatGPT and Gemini to analyze it and I get different answers each time.”
How to Remediate
Security experts have urged developers and organizations to take urgent action. Aikido malware researcher, Charlie Eriksen, suggested the following:
- Audit all Zapier/ENS-related npm dependencies and versions
- Rotate all GitHub, npm, cloud and CI/CD secrets used during installs
- Check GitHub for strange repos with the description “Sha1-Hulud: The Second Coming”
- Disable npm postinstall scripts in CI where possible
- Pin package versions and enforce multi-factor authentication (MFA) on GitHub and npm accounts
- Use tools like Safe-Chain to block malicious packages on npm