Major Web Attacks: The Impact of the Shai-Hulud Worm

The Shai-Hulud Worm: What is it? How is it different?

Shai-Hulud is a novel, self‑propagating software supply chain worm that targets the NPM (Node Package Manager) ecosystem and associated development, CI/CD, and cloud-connected environments. Historically, supply chain compromises required a human threat actor to breach a vendor, modify a product or update mechanism, and then use that foothold to access downstream customers. Shai-Hulud changes this model by combining autonomous replication, credential theft, and the exploitation of trusted open-source packages to move on its own through development ecosystems. As a result, the worm can infect build systems, developer environments, and CI/CD (Continuous Integration and Continuous Delivery/Deployment) pipelines without continuous human orchestration that defined prior supply chain intrusions, compromising over 500 NPM packages and 500+ versions in September 2025. Its resurgence in late November 2025, dubbed Shai‑Hulud 2.0, has surpassed the scope and impact of the initial outbreak earlier in the year, where it has compromised 796 npm packages in just about the same time frame as the first Shai-Hulud, making it one of the most disruptive supply chain malware campaigns seen to date within the software development ecosystem.

Defender Concerns

Shai‑Hulud is significant for defenders because it exploits trusted software delivery channels, meaning traditional perimeter and endpoint defenses often fail to detect or prevent compromise. The attack underlines critical weaknesses in dependency trust, CI/CD hygiene, and secrets management, exposing organizations to large‑scale credential theft, supply chain integrity loss, and downstream exploitation of cloud workloads. Telemetry shows the malware collected approximately 500 distinct GitHub usernames and tokens from contents.json files within compromised repositories. Additional credential harvesting at scale identified up to 400,000 potential secrets through TruffleHog scanning, with only a limited subset, around 2.5 percent confirmed as authentic.

Initial Discovery

The original Shai‑Hulud campaign was first identified in mid‑September 2025, when security researchers discovered a rapidly spreading malware worm in the npm JavaScript package registry. Unlike typical malware, Shai‑Hulud exhibited worm‑like propagation by exploiting compromised maintainer accounts to publish malicious versions of widely used packages, such as @ctrl/tinycolor and others, embedding payloads that harvested sensitive credentials and exfiltrated them to public repositories. Shai‑Hulud stood out from earlier supply chain incidents because it combined self‑replication, automated credential harvesting, and exploitation of the developer ecosystem, effectively converting trusted libraries into propagation vectors. The worm used tools like TruffleHog to scrape for secrets within environments, meaning that developer machines, CI runners, and cloud systems could be compromised without direct interaction from defenders.

This first iteration compromised hundreds of packages and created thousands of publicly visible repositories containing stolen secrets. It demonstrated how a single supply chain compromise could ripple across countless dependent projects, leveraging the trust model of open-source software.

Reemergence as Shai-Hulud 2.0 in Late November 2025

After a temporary lull in visibility, a second and more aggressive wave emerged in late November 2025, referred to in telemetry as Shai‑Hulud 2.0 or “The Second Coming.” In contrast to the original variant, Shai‑Hulud 2.0 rapidly compromised hundreds of npm packages and tens of thousands of GitHub repositories, infecting development environments and cloud build pipelines rapidly after discovery. Estimates indicate that between 25,000 and 30,000 GitHub repositories were impacted in the first days of the resurgence, with hundreds of compromised maintainer accounts enabling propagation.

Technical Overview of Shai-Hulud and Shai-Hulud 2.0 – Initial Infection Vector

Shai‑Hulud leverages software supply chain compromise as its primary initial access vector, aligning with MITRE ATT&CK technique T1195 (Supply Chain Compromise). Threat actors gain access to npm maintainer accounts commonly through stolen credentials or social engineering, and publish trojanized versions of legitimate packages containing malicious scripts. When developers or CI/CD pipelines install affected dependencies using standard npm install workflows, the malicious code executes automatically. In the original Shai‑Hulud campaign, execution was triggered through post-install lifecycle hooks. Upon execution, the malware programmatically created public GitHub repositories titled “Shai‑Hulud,” uploading stolen credentials and exposing sensitive secrets, thereby enabling downstream compromise of dependent projects. In the Shai‑Hulud 2.0 campaign, execution shifted to the preinstall phase, allowing the payload to run earlier in the installation process.

Shai-Hulud: Scale and Disclosure

Scope

The second wave’s rapid spread resulted in:

• 30,000+ compromised GitHub repositories with exposed secrets.

• 500+ stolen GitHub credentials identified from exfiltrated repositories.

• Tens of thousands of leaked secrets, including npm tokens, cloud provider credentials, and API keys; many of these remain valid and exploitable. This breadth of exposure means that development pipelines and production environments globally face increased risk of follow-on attacks such as unauthorized access, resource abuse, or deeper supply chain compromise.

Impact on Systems and Operations

Shai-Hulud campaigns compromised development and build environments, allowing malicious code to propagate into downstream systems automatically. Affected systems included local developer machines, CI/CD runners, and cloud-based build pipelines. Observed impacts in Shai-Hulud 2.0 included automated exfiltration of credentials, enabling potential unauthorized access to additional repositories, private packages, and cloud workloads. This raised the risk of lateral movement, resource misuse, and further supply chain contamination.

While no widespread destruction was reported, the integrity of numerous software packages was undermined. Developers relying on infected packages faced the risk of inadvertently introducing malicious code into production applications, potentially disrupting automated deployments, testing pipelines, and production workflows.

Signals for Future Attacker Tactics

Key observed trends include:

• Automated credential harvesting and exfiltration integrated into self-propagating malware.
• Adoption of preinstall execution to circumvent static code analysis and security scans.
• Cross-victim exfiltration, where stolen tokens allow targeting of new accounts and repositories beyond the initial compromise.

These signals suggest attackers may increasingly embed worm-like capabilities into high-trust infrastructure and development tools, escalating the risk profile of software supply chains.

Shai-Hulud: Mitigations & Guidance

Detection and Monitoring

Defenders should prioritize enhanced visibility across development pipelines and build environments:

• Inspect package.json and lock files for unexpected preinstall or postinstall scripts and unauthorized lifecycle hooks associated with compromised npm packages.
• Monitor for artifacts linked to Shai-Hulud activity, including setup_bun.js, bun_environment.js, and obfuscated binaries introduced during dependency installation.
• Audit GitHub Actions workflows for unfamiliar or recently added YAML files, including base64-encoded workflows placed under .github/workflows.
• Identify unauthorized self-hosted GitHub runners registered within organizations, which may indicate compromised developer systems.
• Perform continuous secret scanning across repositories, CI/CD logs, and developer systems to detect credential harvesting and unauthorized TruffleHog execution.

Containment and Response

• Assume credential compromise on any developer machine or CI/CD runner that executed npm install with affected dependencies and immediately scope impacted environments.
• Revoke and rotate all exposed credentials, including npm tokens, GitHub personal access tokens, cloud provider keys, and third-party API keys.
• Isolate compromised repositories, build agents, and workspaces to prevent further lateral propagation across CI/CD infrastructure.
• Remove malicious GitHub Actions workflows and unauthorized runners discovered during the investigation.

Long-Term Hardening

• Enforce multi-factor authentication (MFA) for all developer and service accounts across GitHub and npm, prioritizing trusted publishing mechanisms over long-lived tokens.
• Pin dependency versions in package.json and avoid permissive version ranges to prevent automatic installation of malicious patch updates.
• Isolate npm publishing processes within dedicated CI/CD pipelines using short-lived credentials and minimal permissions.
• Integrate dependency and supply chain security tooling (e.g., npm audit, Snyk, Socket, SBOM-based scanning) into the development lifecycle.
• Educate development and DevOps teams on software supply chain threats, emphasizing safe dependency practices and early detection of anomalous build behavior.

Shai-Hulud: Lessons Learned

Impact on Systems and Operations

Shai-Hulud represents a structural shift in how software supply chain attacks are executed and scaled. Unlike prior campaigns that relied on human-operated intrusion chains, Shai-Hulud demonstrated that autonomous malware can weaponize trust relationships within open-source ecosystems to propagate, harvest credentials, and expand laterally without centralized command-and-control. By embedding itself directly into dependency installation workflows, the worm effectively turned routine development activity into an infection vector, bypassing many traditional detection and prevention controls.

The resurgence of Shai-Hulud 2.0 in late 2025 confirmed that this was not a one-off event but an evolving attack model. Improvements such as preinstall execution, expanded credential harvesting, and faster propagation underscored how quickly attackers can iterate within trusted infrastructure once an ecosystem is compromised. The campaign highlighted the fragility of dependency trust, the risks posed by long-lived credentials, and the systemic exposure created by highly interconnected CI/CD environments.

From a defensive perspective, Shai-Hulud changed the threat landscape by forcing organizations to reassess where security controls must operate. Endpoint and network defenses alone are insufficient when malicious code executes inside build systems using legitimate tooling and APIs. As organizations move into 2026, priorities should include strengthening CI/CD security, enforcing strict identity and access controls, minimizing credential lifetimes, and treating dependency management as a core security function rather than a purely operational concern. Investment in supply chain visibility, automated detection within development workflows, and organizational readiness for rapid credential revocation will be critical to reducing exposure to future self-propagating supply chain threats modeled after Shai-Hulud.