Shai-Hulud worm returns stronger and more automated than ever before
Security researchers and authorities are warning about a fresh wave of supply-chain attacks linked to a self-replicating worm that attackers have injected into almost 500 npm (Node.js package manager) software packages, exposing more than 26,000 open-source repositories on GitHub.
The trojanized npm packages, which were first discovered late Sunday by Charlie Eriksen, security researcher at Aikido Security, were uploaded during a three-day period starting Friday and reference a new version of Shai-Hulud, malware that previously infected npm packages in September.
The campaign remains active and is compromising additional repositories, while some of the trojanized packages have already been removed from npm. Researchers haven’t observed downstream attacks originating from credentials stolen by the malware.
“However, because these credentials were publicly exposed on GitHub, it is highly likely that multiple threat actors already have access to them or will soon. This significantly increases the probability of downstream exploitation even if it has not yet appeared at scale,” Eriksen told CyberScoop.
The malware is propagating rapidly, using stolen npm tokens to infect additional packages at a level of automation and scale substantially higher than its previous version, approaching self-sufficiency, Eriksen added.
Major packages including Zapier, ENS Domains, PostHog and Postman were trojanized, allowing the attackers to populate GitHub repositories with stolen victim data, according to Wiz. Some of the packages are present in about 27% of cloud and code environments, the security firm said in a blog post Monday.
“We’ve observed multiple environments where these trojanized packages were downloaded before their removal from npm, suggesting active real-world exposure,” Merav Bar, threat researcher at Wiz, told CyberScoop. “As we saw in past attacks, we expect to see a long tail of exploitation of the exposure across both the initial and opportunistic attackers.”
The previous and current wave of Shai-Hulud attacks appear to be focused on stealing developer secrets that can be used for deeper supply-chain compromise, Bar added.
“Both waves of Shai-Hulud show how easy it is for attackers to weaponize trusted distribution paths, push malicious versions at scale, and reach thousands of downstream developers before anyone realizes something is wrong,” she said.
The timing of the latest Shai-Hulud campaign was opportunistic as well, hitting repositories just weeks before npm, a company GitHub acquired in 2020, plans to revoke classic tokens as part of a broader push toward stricter security practices. “This campaign would be significantly limited if these security implementations were in place,” Eriksen said.
The latest variant of Shai-Hulud executes during the preinstall lifecycle phase, writing malicious files to the host and creating a randomly named public GitHub repository to hold the stolen data. While the attacker references Shai-Hulud and the activity resembles the previous worm, researchers at Wiz said there are some differences and attribution has not been fully confirmed.
Ron Peled, chief operating officer and co-founder of Sola Security, described npm as a low-friction package ecosystem, which makes it an appealing target for attackers. Moreover, he said, developers’ endpoints and CI/CD environments are often a blind spot for endpoint detection and response and anti-malware tools.
“Developers often store GitHub tokens, npm tokens or cloud secrets in environment variables,” Peled said. “Build systems almost always have access to powerful tokens and the malware only needs one of them to propagate.”
Attackers frequently target open-source software for supply-chain attacks, and the latest campaign is yet another aimed specifically at npm. The attacks are gaining maturity and complexity, building upon previous success, said Melissa Bischoping, senior director of security and product design research at Tanium.
“Last year, everyone zeroed in on the XZ Utils compromise and how supply-chain compromise of a single open-source project could potentially hijack the entire world. In early September we had simple cryptojacking which was mostly a non-issue, but then that was quickly followed by the Shai-Hulud worm which stole credentials and further compromised security,” she added.
“The pattern emerging is that attackers have identified open-source developers as high-value targets and have had massive success in just the last year,” Bischoping said. “Developers, even hobbyist ones, need to be prepared for continued attacks and escalation.”