Self-Propagating Attack Infects 187 npm Packages

A significant software supply chain attack has compromised at least 187 npm packages, with a self-propagating worm actively targeting and infecting additional libraries. The campaign, nicknamed ‘Shai-Hulud,’ began with the widely used @ctrl/tinycolor package and has since expanded to include modules published under CrowdStrike’s official npm namespace.

The attack was first brought to public attention by Daniel Pereira, a senior backend engineer, who warned the community about active malware spreading through npm. Pereira initially attempted to contact GitHub through private channels due to the sensitivity of the situation, noting that public disclosure could escalate risks. He emphasized the severity of the incident, pointing out that sensitive secrets were being exposed in repositories.

Security firms Socket and Aikido conducted investigations that revealed the scale of the compromise, identifying dozens of malicious packages. StepSecurity provided a technical analysis with deobfuscated code snippets and attack diagrams, corroborating earlier findings. Among the affected packages were several published by CrowdStrike’s npm account, though the company confirmed that its core Falcon platform remained secure and unaffected.

CrowdStrike responded promptly, stating, “After detecting several malicious Node Package Manager (NPM) packages in the public NPM registry, we swiftly removed them and proactively rotated our keys in public registries.” The company is collaborating with npm to conduct a full investigation.

The malware employs a self-propagating mechanism that scans for other packages maintained by the same authors. It modifies package.json files, injects a malicious script named bundle.js, repackages the archive, and republishes it, effectively trojanizing downstream dependencies. The bundle.js script abuses TruffleHog, a legitimate secret-scanning tool, to hunt for sensitive credentials like API keys, tokens, and cloud access details on infected systems.

Once identified, these secrets are validated and exfiltrated to a hardcoded webhook. The attack also creates unauthorized GitHub Actions workflows within repositories, further extending its reach. The campaign’s name, ‘Shai-Hulud,’ derives from the workflow files used by the malware, a nod to the giant sandworms in Frank Herbert’s Dune series.

This incident follows other recent high-profile supply chain attacks, including September’s ‘s1ngularity’ campaign that compromised over 2,180 GitHub accounts. Some experts speculate that the same threat actors may be behind both operations. Earlier this month, maintainers of popular packages like chalk and debug also fell victim to separate phishing attacks, highlighting the persistent vulnerabilities within open-source ecosystems.

The repercussions of these attacks ripple across dependency chains, potentially affecting major projects like Google’s Gemini CLI. Although Google confirmed that its source code and servers were not directly breached, users who installed or updated the CLI via npm during the attack window may have been exposed.

These events underscore the fragility of modern software supply chains, where a single compromised account or malicious update can impact hundreds of projects. Organizations and developers are urged to audit their environments, rotate all exposed secrets and tokens, and review dependency trees for signs of malicious versions. Pinning dependencies to trusted releases and restricting publishing credentials are essential measures to mitigate future risks.

(Source: Bleeping Computer)