
Shai-Hulud 2.0 Malware Breach Hits 30,000 Repositories and Exposes 500 GitHub Credentials

The Shai-Hulud 2.0 npm supply chain worm has become one of the longest-running and most damaging software supply chain incidents to date, with Wiz Research and Wiz Incident Response (CIRT) now tracking over 30,000 compromised GitHub repositories and at least 500 exposed GitHub credentials.

First detected on November 24, 2025, the worm abused poisoned npm packages to steal developer and CI/CD secrets and automatically create new public repositories in victims’ accounts.

Although the spread has slowed, Wiz continues to see new infected repositories appear days after the initial wave, indicating a long tail of ongoing exposure.

Infection spread across npm, CI/CD, and cloud tooling

Shai-Hulud 2.0 spread mainly through malicious versions of popular npm packages, especially @postman/tunnel-agent@0.6.7 and @asyncapi/specs@6.8.3.

Wiz’s data shows these two packages alone account for more than 60% of all infections, closely matching their broad adoption across the ecosystem.
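The first check a practitioner wants after reading the package names above is whether either compromised version is pinned anywhere in their own dependency tree, including nested installs. The script below is an added example, not code from the article or from Wiz: it walks the "packages" map of a package-lock.json (lockfileVersion 2 or 3) and reports every installed copy whose name and exact version match the two carriers the article names. The IOC list is taken from the article; the sample lockfile is constructed for this example.

```javascript
// Added example: scan a package-lock.json (lockfileVersion 2 or 3) for the two
// package versions the article names as the main Shai-Hulud 2.0 carriers.
// The sample lockfile below is constructed for this example, not real data.
const IOCS = {
  "@postman/tunnel-agent": new Set(["0.6.7"]),
  "@asyncapi/specs": new Set(["6.8.3"]),
};

// Constructed sample lockfile. Keys under "packages" are install paths, which is
// how lockfile v2/v3 records nested copies of the same package.
const SAMPLE_LOCKFILE = JSON.stringify({
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/@asyncapi/specs": { version: "6.8.3" },
    "node_modules/@postman/tunnel-agent": { version: "0.6.6" }, // clean version
    "node_modules/some-dep/node_modules/@postman/tunnel-agent": { version: "0.6.7" }, // nested bad copy
    "node_modules/lodash": { version: "4.17.21" },
  },
});

// The package name is everything after the last "node_modules/" segment, so
// nested installs resolve to the same name as top-level ones.
function packageNameFromKey(key) {
  const idx = key.lastIndexOf("node_modules/");
  return idx === -1 ? null : key.slice(idx + "node_modules/".length);
}

// Return every installed (path, name, version) that matches an IOC entry.
function findCompromised(lockfileText, iocs = IOCS) {
  const lock = JSON.parse(lockfileText);
  if (!lock.packages) {
    throw new Error("lockfileVersion 1 has no 'packages' map; regenerate the lockfile with npm 7+");
  }
  const hits = [];
  for (const [key, entry] of Object.entries(lock.packages)) {
    const name = packageNameFromKey(key);
    if (!name || !entry.version) continue;
    const badVersions = iocs[name];
    if (badVersions && badVersions.has(entry.version)) {
      hits.push({ path: key, name, version: entry.version });
    }
  }
  return hits;
}

// Usage on the constructed sample: prints the nested @postman/tunnel-agent@0.6.7
// copy as well as the top-level @asyncapi/specs@6.8.3.
for (const hit of findCompromised(SAMPLE_LOCKFILE)) {
  console.log(`COMPROMISED ${hit.name}@${hit.version} at ${hit.path}`);
}
```

To run it against a real project, replace SAMPLE_LOCKFILE with the contents of the project's package-lock.json; the nested-path handling matters because a transitive dependency can pull in the bad version even when the top-level pin is clean.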

The malware mainly ran in automated environments rather than on developer laptops. Based on more than 24,000 recovered environment.json files, Wiz estimates only about 23% of infections occurred on developer machines.

(Chart: pace of the new public repositories)

The remaining infections ran mostly on Linux-based CI/CD runners, often inside containers. GitHub Actions was the dominant CI platform, with Jenkins, GitLab CI, and AWS CodeBuild trailing behind.

The worm’s behavior depended on what credentials it could find. If local GitHub credentials were missing, the malware searched for previously compromised GitHub accounts by scanning for repositories containing the marker string “Sha1-Hulud: The Second Coming.”

It then used tokens from an earlier victim to publish a new repository under that prior victim’s account, but filled with data from the latest victim. This cross-victim exfiltration made impact assessment much harder for organizations.
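Because the worm re-used earlier victims' tokens, a repository in your organization can hold someone else's secrets, and the marker string quoted above is the quickest way to find such "spreader" repositories. The script below is an added example, not code from the article or from Wiz: it takes a list of repository objects shaped like the GitHub API's repository listing and flags those whose description carries the marker, or that were created as public repositories after the campaign began and contain two or more of the exfiltration file names the article mentions. The "files" field is an assumption (the repository listing does not include file names; they would come from a separate contents call), and the sample data is constructed.

```javascript
// Added example: flag likely Shai-Hulud 2.0 "spreader" repositories in a
// GitHub repository listing. Indicators are the marker description and the
// exfiltration file names quoted in the article. The sample repositories are
// constructed for this example; the "files" field is assumed to have been
// filled in from a separate contents lookup.
const MARKER = "Sha1-Hulud: The Second Coming";
const EXFIL_FILES = ["contents.json", "truffleSecrets.json", "environment.json", "actionsSecrets.json", "cloud.json"];
const CAMPAIGN_START = Date.parse("2025-11-24T00:00:00Z"); // first detection date from the article

const SAMPLE_REPOS = [
  { full_name: "acme/website", description: "Marketing site", visibility: "public",
    created_at: "2024-03-01T10:00:00Z", files: ["index.html", "README.md"] },
  { full_name: "acme/ab12cd34", description: "Sha1-Hulud: The Second Coming", visibility: "public",
    created_at: "2025-11-25T03:14:00Z", files: ["contents.json", "truffleSecrets.json", "environment.json"] },
  { full_name: "acme/tmp-export", description: null, visibility: "public",
    created_at: "2025-11-26T08:00:00Z", files: ["environment.json", "cloud.json"] },
  { full_name: "acme/internal-tool", description: null, visibility: "private",
    created_at: "2025-11-27T08:00:00Z", files: ["environment.json", "cloud.json"] },
];

// Returns one entry per suspicious repository with the reasons it was flagged.
// The marker alone is decisive; the file-name heuristic is restricted to public
// repositories created after the campaign start to keep noise down.
function flagSuspiciousRepos(repos, opts = {}) {
  const minExfilFiles = opts.minExfilFiles === undefined ? 2 : opts.minExfilFiles;
  const since = opts.since === undefined ? CAMPAIGN_START : opts.since;
  const flagged = [];
  for (const r of repos) {
    const reasons = [];
    if ((r.description || "").includes(MARKER)) reasons.push("marker-description");
    const exfil = (r.files || []).filter((f) => EXFIL_FILES.includes(f));
    const recentPublic = r.visibility === "public" && Date.parse(r.created_at) >= since;
    if (recentPublic && exfil.length >= minExfilFiles) reasons.push("exfil-files:" + exfil.join(","));
    if (reasons.length) flagged.push({ repo: r.full_name, created_at: r.created_at, reasons });
  }
  return flagged;
}

// Usage on the constructed sample: acme/ab12cd34 and acme/tmp-export are flagged.
for (const f of flagSuspiciousRepos(SAMPLE_REPOS)) {
  console.log(`${f.repo} (created ${f.created_at}): ${f.reasons.join("; ")}`);
}
```

A hit on the marker means the account's token was used by the worm; treat every token that account could reach as compromised and remember that the repository's contents may describe a different victim's environment.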

The incident also touched other ecosystems. AsyncAPI confirmed that, in addition to npm tokens, an OpenVSX API key was exfiltrated and used to poison their AsyncAPI IDE extension.

Socket and others reported that a Bun-based Shai-Hulud v2 payload was mirrored into the Java/Maven ecosystem as org.mvnpm:posthog-node:4.18.1, though no active worm-like spread has been seen in Maven or OpenVSX so far.

Hundreds of valid secrets and long-term risk

From more than 30,000 leaked repositories, Wiz reports that about 70% had distinct contents.json files, 50% had unique truffleSecrets.json outputs, and 80% contained environment.json.

Around 400 distinct actionsSecrets.json files exposed GitHub Actions workflow secrets. Across the dataset, these files included over 500 GitHub usernames and tokens, matching the number of “spreader” accounts used to host and propagate the stolen data.

The malware relied on TruffleHog to scan for secrets, but it ran without the --only-verified flag, producing a very noisy dataset of nearly 400,000 raw “secrets,” of which only about 2.5% are verified.

Many of these are short-lived JWTs, and only 25 remained valid as of December 1. However, Wiz still identified hundreds of live high-value credentials, including cloud keys, npm tokens, and VCS credentials.

Alarmingly, over 60% of leaked npm tokens remained valid, leaving the door open to follow-on supply chain attacks.
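The triage problem the article describes, a large set of raw TruffleHog hits dominated by unverified results and short-lived JWTs, is one a responder has to solve on their own copy of a leaked truffleSecrets.json. The script below is an added example, not code from the article or from Wiz: it reads findings in TruffleHog's JSON-lines output shape (DetectorName, Verified, Raw), counts verified hits per detector, drops JWTs whose exp claim has passed relative to a reference time, and keeps the rest as the queue to revoke or review. That the leaked file uses exactly these field names is an assumption; the findings, including the unsigned JWTs, are constructed inline.

```javascript
// Added example: triage TruffleHog-style JSON-lines findings. Field names follow
// TruffleHog's --json output (DetectorName, Verified, Raw); whether the leaked
// truffleSecrets.json uses the same shape is an assumption. All findings below
// are constructed; the JWTs are unsigned tokens built here for the sample.
function b64url(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64url");
}
function makeJwt(payload) {
  return `${b64url({ alg: "HS256", typ: "JWT" })}.${b64url(payload)}.sig`;
}

// Reference time: the article's validity snapshot, December 1, 2025 (seconds).
const NOW = Date.parse("2025-12-01T00:00:00Z") / 1000;

const SAMPLE_FINDINGS = [
  { DetectorName: "GitHub", Verified: true, Raw: "ghp_constructedexampletoken000000" },
  { DetectorName: "NpmToken", Verified: true, Raw: "npm_constructedexampletoken000000" },
  { DetectorName: "AWS", Verified: false, Raw: "AKIACONSTRUCTEDEXAMPLE" },
  { DetectorName: "JWT", Verified: false, Raw: makeJwt({ sub: "ci", exp: NOW - 3600 }) }, // expired
  { DetectorName: "JWT", Verified: false, Raw: makeJwt({ sub: "ci", exp: NOW + 3600 }) }, // still valid
  { DetectorName: "JWT", Verified: false, Raw: makeJwt({ sub: "ci" }) },                   // no exp claim
].map((f) => JSON.stringify(f)).join("\n");

// True only when the token parses as a JWT and carries an exp claim in the past.
// Anything malformed or without exp is kept, since it cannot be ruled out offline.
function jwtExpired(token, now = NOW) {
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  let payload;
  try {
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch (e) {
    return false;
  }
  return typeof payload.exp === "number" && payload.exp <= now;
}

function triage(jsonl, now = NOW) {
  const summary = { total: 0, verified: 0, expiredJwts: 0, byDetector: {} };
  const needsAttention = [];
  for (const line of jsonl.split("\n")) {
    if (!line.trim()) continue;
    const f = JSON.parse(line);
    summary.total += 1;
    const d = summary.byDetector[f.DetectorName] || (summary.byDetector[f.DetectorName] = { total: 0, verified: 0 });
    d.total += 1;
    if (f.Verified) { summary.verified += 1; d.verified += 1; }
    if (f.DetectorName === "JWT" && jwtExpired(f.Raw, now)) { summary.expiredJwts += 1; continue; }
    // Verified hits are live by definition. Unexpired JWTs cannot be verified
    // offline, so they stay in the queue. Unverified non-JWT hits are dropped:
    // TruffleHog attempted verification on them and it failed.
    if (f.Verified || f.DetectorName === "JWT") {
      needsAttention.push({ detector: f.DetectorName, verified: !!f.Verified, redacted: f.Raw.slice(0, 8) + "..." });
    }
  }
  return { summary, needsAttention };
}

// Usage on the constructed sample: 6 findings, 2 verified, 1 expired JWT,
// 4 left to act on (2 verified tokens plus 2 JWTs that are not provably dead).
const result = triage(SAMPLE_FINDINGS);
console.log(JSON.stringify(result.summary));
for (const item of result.needsAttention) console.log(item.detector, item.verified ? "VERIFIED" : "unverified", item.redacted);
```

The reference time is a parameter because "still valid" only means something relative to when the dump was taken; re-running with a later timestamp shows how quickly the JWT share of the queue decays while the npm and GitHub tokens stay live until someone revokes them.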

While a bug appears to have prevented the attacker’s cloud.json collector from successfully retrieving cloud provider secrets at scale, the incident shows a clear evolution: attackers are using npm and GitHub Actions as fertile hunting grounds for credentials and build pipelines.

Wiz warns that, powered by the trove of stolen secrets from Shai-Hulud 2.0 and earlier campaigns like s1ngularity, similar attacks are likely to continue.


The post Shai-Hulud 2.0 Malware Breach Hits 30,000 Repositories and Exposes 500 GitHub Credentials appeared first on Cyber Security News.

rssfeeds-admin
