
Shai Hulud 2.0: The Second Coming of the Supply Chain Attack

Co-Founder & CTO, Security Developer

Key Highlights

  • What Happened: The evolved Shai Hulud 2.0 Software Supply Chain Attack is actively compromising the npm ecosystem, targeting developers globally to steal sensitive data like API keys, cloud credentials, and npm/GitHub tokens. This attack threatens high-profile packages and includes a destructive fail-safe that wipes the user’s Home directory if self-replication fails.
  • What’s Different: This version significantly enhances stealth by utilizing the Bun runtime to hide its core logic and increases its potential scale by raising the infection cap from 20 to 100 packages. It also uses a new evasion technique, exfiltrating stolen data to randomly named public GitHub repositories instead of a single, hardcoded one.
  • What You Should Do: Organizations must immediately audit dependencies, rotate all exposed secrets, and utilize security scanning tools to detect indicators of compromise (IoCs) related to the Shai Hulud Software Supply Chain Attack to prevent data loss and compromise of CI/CD pipelines.

Shai-Hulud is back. 

Like the first Shai-Hulud attack, this software supply chain attack steals secrets and then self-replicates across the npm ecosystem using compromised npm and GitHub tokens. 

What has changed is the scale and stealth of the campaign: the new activity hits a broader set of npm dependencies (including Zapier/ENS-related packages in some cases) and creates randomly named public GitHub repositories that contain stolen data, instead of relying only on the fixed Shai-Hulud / “Shai-Hulud Migration” repo names described in prior reports.

Cycode’s team is actively monitoring this campaign and continuously updating affected packages in our Threat Intelligence feed so customers can quickly understand their exposure. The feed also surfaces suspicious public repositories associated with your developers’ accounts, including those labeled “Sha1-Hulud: The Second Coming,” so teams can see both package-level and repo-level impact in one place.

What is Shai-Hulud?

The original Shai-Hulud campaign was a highly aggressive, self-propagating worm targeting the npm ecosystem. It operated by compromising legitimate packages; once a developer installed an infected package, a post-install script triggered a scan for secrets, such as API keys and cloud credentials. The malware then created unauthorized GitHub Actions workflows (specifically shai-hulud.yaml) to exfiltrate these secrets to public repositories explicitly named “Shai-Hulud.” 

Beyond theft, the worm was designed for virality: it utilized stolen npm tokens to publish malicious versions of other packages owned by the victim, while occasionally exposing proprietary intellectual property by flipping private repositories to public visibility.

What is Different about the Shai-Hulud Second Coming?

The second iteration of Shai Hulud has evolved to be more stealthy, more scalable, and more destructive. Technically, it now obscures its execution by installing the Bun runtime via setup_bun.js to run the core malicious logic contained in bun_environment.js. To evade the detection signatures that stopped the first wave, it now dumps stolen data into randomly named repositories rather than using a hardcoded naming convention. 

This variant is also far more aggressive, raising the infection cap from 20 to 100 packages. It also introduces a fail-safe where, if the malware fails to authenticate with GitHub or NPM, it proceeds to wipe all files in the user’s Home directory.

What Actions Should You Take?

If your organization uses npm for dependencies, you should take immediate action to assess your exposure and secure your environments.

  • Audit Your Dependencies:
    • Scan your projects for the compromised packages listed below and in official CVEs.
    • Pin all dependencies to known-good versions to prevent the automatic uptake of malicious updates.
    • Run npm audit to identify known-vulnerable packages, and clear your local npm cache with npm cache clean --force so that tainted tarballs are not reinstalled from cache.
  • Scan for Exposed Secrets and Rotate Them:
    • Operate under the assumption that any credentials on developer machines or within your CI/CD environment have been compromised.
    • Immediately initiate a rotation of all secrets, including API keys, cloud credentials, database passwords, and especially npm automation tokens.
  • Inspect Your CI/CD and Source Code Repositories:
    • Thoroughly audit all repositories for unauthorized or suspicious GitHub Actions workflows. Look for any new YAML files you don’t recognize.
    • Check repository settings to ensure that private repositories have not been made public.
    • Review access permissions and enforce the principle of least privilege for both users and automation tokens.

How to Identify and Remediate with Cycode

For Cycode customers, identifying exposure is instantaneous. We have already updated our Threat Intel feed with the indicators of compromise (IoCs) and the full list of affected packages from this attack.

Here’s how the Cycode platform helps you address this threat end-to-end:

  1. Instantly Assess Exposure: Cycode’s Software Composition Analysis (SCA) engine, powered by our Threat Intel feed, allows you to immediately query your entire software inventory to see if you are using any of the malicious Shai-Hulud packages.
  2. Find and Remediate Exposed Secrets: Cycode’s Hardcoded Secrets Detection scans your entire SDLC to find exposed credentials the malware may have stolen. Our Risk Intelligence Graph helps prioritize which secrets to rotate first based on their exposure and potential impact.
  3. Detect Malicious Pipeline Activity: Cycode’s CI/CD Security module provides complete visibility into your pipelines. It can detect the creation of unauthorized workflows and alert you to anomalous behavior that deviates from your security policies.
  4. Prevent Source Code Leakage: Cycode continuously scans public domains to identify if any of your organization’s or employees’ repositories are publicly available with the malware payload. If so, you would receive an immediate alert, enabling you to contain the leak.

 

Known Impacts

At the time of writing, this is what we know from a number of published sources:

Category                                   | Impact
-------------------------------------------|--------------------------------
Compromised GitHub Repos                   | 25000+
Compromised/Republished npm Packages       | 492-800+
Affected Maintainers                       | ~350+
Total Exposed Secrets                      | 14,206
Still-Valid Secrets During Analysis        | 2,485
GitHub PATs Stolen                         | 775
AWS Keys Stolen                            | 373
GCP Keys Stolen                            | 300
Azure Keys Stolen                          | 115
Rogue Repos Created for Exfiltration       | Thousands
Self-Hosted Runners Deployed by Attacker   | Dozens+ (all named SHA1HULUD)

 
