The Shai-Hulud Malware Attack on NPM Supply Chain [Flash Report]
This blog post summarizes our latest flash report on this incident. On November 24, 2025, a sophisticated self-replicating malware worm known as Shai-Hulud launched its second wave of attacks against the NPM ecosystem, the central registry for JavaScript and TypeScript packages used by millions of developers worldwide. By compromising legitimate maintainer credentials and injecting malicious code into trusted packages, the worm has enabled automated supply-chain propagation at an unprecedented scale, prompting formal acknowledgment from authorities including CISA.
What has been happening with the NPM ecosystem?
The attack operates by stealing legitimate maintainer credentials and publishing modified package versions containing malicious install-time scripts. These scripts execute automatically during standard npm install operations, enabling:
- Credential harvesting (npm, GitHub, CI/CD, cloud keys)
- Silent republishing of newly infected packages
- Rapid supply-chain-level propagation
The campaign has unfolded in two distinct waves:
- Wave 1: Mid-September 2025
- Wave 2 (“Shai-Hulud 2.0”): Starting November 24, 2025
The compromise operates at the NPM layer itself, enabling automatic propagation, large-scale credential theft, unauthorized code execution, and tampering with software supply chains. This represents a systemic supply-chain attack with global impact across the entire NPM/GitHub infrastructure, affecting developers, CI/CD systems, and cloud environments.
Authorities including CISA have formally acknowledged the campaign, publishing official alerts and indicators of compromise to assist in detection and remediation efforts.
Understanding the Shai-Hulud attack mechanism
Shai-Hulud employs a sophisticated multi-stage infection process that leverages the trust inherent in the NPM ecosystem:
Initial compromise
The worm begins by stealing legitimate maintainer credentials through various means, allowing threat actors to gain authorized access to established NPM packages with existing user bases and dependency chains.
Malicious package publishing
Once credentials are compromised, attackers publish modified versions of legitimate packages containing malicious install-time scripts. These scripts are embedded in the package’s installation lifecycle hooks, executing automatically whenever developers or automated systems run npm install.
Automated propagation
The malicious scripts perform several critical functions:
- Credential extraction: Harvesting npm tokens, GitHub credentials, CI/CD secrets, and cloud platform keys from the infected environment
- Repository scanning: Identifying other packages and repositories accessible with stolen credentials
- Self-replication: Using harvested credentials to publish new infected package versions, creating an exponential propagation pattern
Because compromised packages are often dependencies of other packages, the infection can spread through dependency trees, affecting downstream projects that have no direct relationship with the initially compromised package.
Attribution and threat actor profile
The threat actor behind Shai-Hulud has not been attributed at this time. Some security researchers have noted possible links to accounts associated with “Nx/s1ngularity”, though this connection remains unconfirmed.
Implications and exposed attack surface
The Shai-Hulud campaign creates multiple vectors of compromise with significant downstream implications. Compromised credentials include:
- npm authentication tokens, enabling package publication and modification
- GitHub personal access tokens, granting repository access and code modification capabilities
- CI/CD secrets, providing access to build pipelines and deployment infrastructure
- Cloud platform keys, allowing unauthorized access to AWS, Azure, GCP, and other cloud environments
With stolen GitHub credentials, attackers can inject backdoors into source code repositories, modify CI/CD workflows to include malicious steps, create persistent access mechanisms, and tamper with build artifacts and deployment pipelines.
The worm’s ability to propagate through dependency chains enables transitive compromise (infection of packages that depend on compromised packages), widespread distribution (automatic installation across thousands of development environments), and delayed detection (malicious code embedded in trusted, frequently updated packages).
What are the potential destructive actions in 2.0 variants?
The “Shai-Hulud 2.0” designation suggests an evolution of capabilities, potentially including:
- Data exfiltration from production environments
- Deployment of additional malware payloads
- Destructive actions against infrastructure
- Establishment of persistent backdoors for future operations
Immediate actions and technical considerations
Organizations must immediately audit all JavaScript/Node.js repositories and compare their dependencies against known Shai-Hulud indicators referenced in the CISA publication. If matches are found:
- Rotate all credentials immediately: npm, GitHub, CI/CD, and cloud platform credentials
- Review package-lock.json and yarn.lock files for unexpected version changes
- Examine CI/CD logs for unauthorized pipeline executions
- Audit recent repository commits for unauthorized code changes
Good to know
CybelAngel mitigates the risks posed by Shai-Hulud–style supply-chain attacks by detecting, in real time, attack vectors such as GitHub repositories and their associated vulnerabilities, enabling you to act before compromised developer identities can be leveraged to propagate malicious packages or unauthorized code changes.
Do you know if you’ve been impacted by this supply-chain attack? CybelAngel can support you from detection to remediation. Our platform continuously monitors for compromised developer credentials, leaked secrets, supply chain vulnerabilities, and vulnerable repositories across GitHub and open-source intelligence sources, enabling you to act before attackers can leverage compromised identities to propagate malicious packages.
If you are not a client but wish to have a complete picture of this threat, you can obtain access to this report by getting in touch.
