By rssfeeds-admin Dubbed “Shai-Hulud: Here We Go Again,” this aggressive campaign has compromised over 170 npm packages and multiple PyPI packages, which collectively see more than 200 million downloads every week.
The malware operates as a self-replicating worm that hunts for cloud credentials and uses stolen access to infect even more packages.
npm Attack Targets Credentials
The initial compromise bypassed modern security measures by poisoning a build cache within a trusted GitHub release workflow.
When developers install the compromised npm packages, a hidden preinstall script acts as a loader, downloading the Bun runtime and executing a heavily obfuscated JavaScript payload.
On the PyPI side, the attack uses a stealthy import-time downloader that grabs a remote Python credential stealer from attacker-controlled servers.
Once active, the malware daemonizes itself to run in the background, undetected by developers as they continue their work.
This campaign casts a massive net for sensitive data across developer machines and continuous integration pipelines.
It specifically targets GitHub Actions environments by extracting runtime-only secrets and OIDC tokens directly from Linux runner memory.
The malware also actively hunts for AWS credentials through instance metadata services, Kubernetes service account tokens across accessible namespaces, HashiCorp Vault access, and local password manager vaults.
After gathering these credentials, it exfiltrates the encrypted data through redundant channels, including the Session/Oxen network and dead-drop GitHub repositories.
What makes this campaign uniquely dangerous is its ability to self-propagate across the software supply chain.
After harvesting npm tokens and trusted-publishing credentials, the malware automatically identifies other packages the victim can publish.
It then downloads those packages, injects its malicious routing code, bumps the version number, and republishes the infected artifacts back to the registry.
This creates a devastating feedback loop where each compromised build machine becomes a launchpad for further infections.
According to jfrog research, defenders face a significant risk when attempting to clean up the infection because of a built-in dead-man’s switch.
The npm payload installs a persistent background service that polls the GitHub API every 60 seconds using a stolen token. If the API indicates the token has been revoked, the monitor immediately executes a command to delete all user files.
The PyPI variant exhibits similar destructive behavior, attempting to wipe the entire hard drive on specific Linux hosts.
Security teams must thoroughly isolate hosts and terminate these persistent monitoring processes before rotating any exposed credentials.
Indicators Of Compromise
| Indicator | Type | Description |
|---|---|---|
83.142.209.194 | IP Address | Campaign infrastructure |
hxxps[:]//83.142.209.194/transformers.pyz | URL | PyPI remote payload URL |
hxxps[:]//83.142.209.194/v1/models | URL | PyPI second-stage retrieval endpoint |
Note: IP addresses and domains are intentionally defanged (e.g., [.]) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM.
Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.
The post npm Supply Chain Attack Targets GitHub, AWS, and Kubernetes Credentials appeared first on Cyber Security News.
Discover more from RSS Feeds Cloud
Subscribe to get the latest posts sent to your email.