
Shai-Hulud malware infects 500 npm packages, leaks secrets on GitHub


Hundreds of trojanized versions of well-known packages such as Zapier, ENS Domains, PostHog, and Postman have been planted in the npm registry in a new Shai-Hulud supply-chain campaign.

The malicious packages were added to npm (Node Package Manager) over the weekend to steal developer and continuous integration and continuous delivery (CI/CD) secrets. The stolen data is automatically posted to GitHub in encoded form.

At publishing time, GitHub returned 27,600 results corresponding to entries related to the recent attack.

[Image: GitHub repositories with secrets stolen in the new Shai-Hulud campaign. Source: BleepingComputer]

When the Shai-Hulud malware first appeared in the npm space in mid-September, it compromised 187 packages with a self-propagating payload that used the TruffleHog tool to steal developer secrets.

The threat actor automatically downloaded legitimate packages, modified the package.json file to inject a malicious script, and then published them on npm using compromised maintainer accounts.

Charlie Eriksen, malware researcher at developer-focused security platform Aikido Security, discovered the new campaign earlier today, when there were 105 trojanized packages with Shai-Hulud indicators. Since then, the number grew to 492, counting only the package names.

Later, the researcher warned that the secrets stolen in the supply-chain attack were leaked on GitHub.

Since then, the campaign has grown exponentially to more than 27,000 malicious packages. Threat researchers at cloud security platform Wiz discovered around 350 unique maintainer accounts used in the campaign, noting that "1,000 new repositories are being added consistently every 30 minutes in the last couple of hours."

Eriksen clarified for BleepingComputer that the repositories on GitHub are indicative of compromised developers who used trojanized npm packages and had GitHub credentials in their environment.

A technical analysis of the new Shai-Hulud malware from CI/CD security company Step Security explains that the new payloads are present in two files, the first being setup_bun.js, a dropper disguised as a Bun installer.

The second file is called bun_environment.js and is sizeable at 10MB. It relies on "extreme obfuscation techniques," Step Security says, such as a large hex-encoded string with thousands of entries, an anti-analysis loop, and an obfuscated function used to retrieve every string in the code.

Step Security describes five stages the malware executes during the attack, which include exfiltrating secrets (GitHub and npm tokens, secrets for cloud platforms like AWS, GCP and Azure) and a destructive step that overwrites the victim’s entire home directory.

Koi Security, a company providing protection solutions for self-provisioned software, tracks more than 800 npm packages compromised by Shai-Hulud, counting all infected versions of a package.

The researchers confirmed the destructive step in the new Shai-Hulud variant, saying that the overwrite occurs only when a set of four conditions are met.

Deleting a user’s home folder happens if the malware cannot authenticate to GitHub, create a repository on the platform, fetch a GitHub token, or find an npm token.

According to Wiz, the malicious code collects developer and CI/CD secrets and publishes them to GitHub repositories “with names referencing Shai-Hulud.” The malicious code executes only during the pre-install stage and creates the following files:

cloud.json
contents.json
environment.json
truffleSecrets.json

Stolen secrets are published on GitHub to automatically-generated repositories that have the description “Sha1-Hulud: The Second Coming.”

It appears that the threat actor has also gained access to GitHub accounts that they are now using to create repositories with the four files above.

[Image: GitHub accounts hosting repos from the Shai-Hulud campaign. Source: BleepingComputer]

GitHub is deleting the attacker’s repositories as they emerge, but the threat actor appears to be creating new ones very fast.

On the list of 186 packages that Aikido Security found to be compromised with a new version of the Shai-Hulud malware, there are multiple packages from Zapier, ENS Domains, PostHog, and AsyncAPI.

The compromised Zapier packages constitute the official toolkit for building Zapier integrations and are essential for Zapier developers.

The EnsDomains packages are tools and libraries widely used by wallets, DApps, exchanges, and the ENS Manager app, to handle .eth names, resolving them to Ethereum addresses, linking IPFS content, validating names, and interacting with the official ENS smart contracts.

All of the compromised packages are available for download from npm. However, in some cases, the platform displays a warning message about unauthorized publication of the latest version, indicating that the automated review has caught signs of a compromise.

[Image: Warning message on npm. Source: BleepingComputer]

Developers are advised to check Aikido’s post for the complete list of the infected packages, downgrade to safe versions, and rotate their secrets and CI/CD tokens immediately.

Wiz researchers recommend that security teams first identify the compromised packages and replace them with legitimate ones. They also urge organizations to rotate all credentials tied to npm, GitHub, and cloud providers.

Aikido Security advises developers to disable npm postinstall scripts during continuous integration, if possible.

The return of Shai-Hulud comes at a time when GitHub has introduced additional security measures to prevent supply-chain attacks on npm, following a series of high-impact attacks on the platform. However, the measures are being implemented gradually.

BleepingComputer attempted to contact npm about the campaign, but our emails bounced as undeliverable.

Update [November 24, 10:28 AM]: Article updated with information from Koi Security
