CYBER SYRUP
Delivering the sweetest insights on cybersecurity.

Shai-Hulud 2.0: New NPM Worm Infects 640 Packages With Destructive Capabilities

A major new wave of supply chain attacks has infected roughly 640 NPM packages with an evolved variant of the Shai-Hulud worm, marking one of the most aggressive and destructive ecosystem-wide compromises observed in recent years. The malware now leverages preinstall scripts, automated token harvesting, destructive wipe functions, privilege escalation, and GitHub Actions backdoors — all optimized for rapid propagation across developer systems and CI/CD environments.

Context

Software supply chain compromises targeting package managers like NPM continue to grow in scale and automation. The original Shai-Hulud campaign in September 2025 already demonstrated that worm-style propagation through compromised NPM maintainer accounts is feasible, using a postinstall hook to run its payload. The newly observed variant expands its reach, adds destructive capabilities, and has a significantly wider blast radius across development environments.

What Happened

Researchers from Wiz, JFrog, Upwind, ReversingLabs, and others discovered that attackers launched a second wave of Shai-Hulud infections over the weekend. More than 640 NPM packages have already been compromised, more than 25,000 GitHub repositories holding exfiltrated data have been created, and roughly 1,000 new repositories were appearing every 30 minutes at the time of the reports.

The updated worm adds wiping routines, DNS hijacking, GitHub Actions backdoors, and automated privilege escalation. When it cannot obtain GitHub or NPM tokens to propagate with, it falls back to destroying the victim's data rather than exiting quietly.

Technical Breakdown

Key behaviors of the updated Shai-Hulud variant include:

  • Propagation via NPM preinstall scripts. A preinstall hook runs before the package's files are even in place, on any npm install or npm ci of a project that depends on the package directly or transitively, so a single trojanized version executes on local dev machines and CI/CD runners alike.

  • Self-replication by harvesting GitHub, NPM, and cloud credentials, then republishing trojanized versions of any packages the victim maintains.

  • Credential exfiltration to public GitHub repositories created with the stolen GitHub token under the victim's own account, identifiable by the description “Sha1-Hulud: The Second Coming.”

  • Destructive fallback behavior when no GitHub or NPM token can be obtained:

    • Wipes user data on Windows

    • Deletes all files and directories on Unix-based systems

  • A GitHub Actions backdoor workflow committed into the victim's repositories that triggers on GitHub Discussions events, giving the attacker command execution on the runner simply by posting a discussion.

  • DNS hijacking to redirect traffic.

  • Privilege escalation, including modifying sudoers files and launching privileged Docker containers.

  • Targeting of major packages, including AsyncAPI, Zapier, Postman, ENS, Browserbase, and PostHog.

ReversingLabs identified 27,000+ data exfiltration repositories, highlighting the campaign’s unprecedented automation.

Impact Analysis

The attack represents a rare ecosystem-wide worm, capable of transforming every infected maintainer into a new distribution hub. With compromised packages representing over 130 million monthly downloads, the potential downstream risk to organizations is substantial.

Key risks include:

  • Credential theft across cloud, GitHub, NPM, and CI/CD environments

  • Supply chain contamination of internal and public projects

  • Destructive data loss on developer endpoints and build systems

  • Propagation throughout dependency graphs before detection

Why It Matters

Shai-Hulud 2.0 underscores a structural reality:
Package managers and CI/CD pipelines are now primary attack surfaces, not secondary ones.

The worm’s automation allows attackers to compromise thousands of packages in hours, bypassing traditional detection and overwhelming manual response workflows.

Expert Commentary

“This is no longer a simple supply-chain incident — it’s a worm. Once a token is stolen, it’s reused instantly to republish malicious versions, inject rogue workflows, and amplify itself across the ecosystem.” — Upwind Research

“The malicious file is so massive it defeats AI-based analysis tools by exceeding context limits, leading them to incorrectly classify it as benign.” — Garrett Calpouzos, Sonatype

Key Takeaways

  • A highly destructive, self-propagating NPM worm is actively spreading.

  • More than 640 packages have been trojanized, and 25,000+ GitHub repositories have been created to hold stolen credentials.

  • Preinstall scripts dramatically expand the infection surface.

  • The worm steals tokens, republishes malicious packages, hijacks DNS, and wipes devices.

  • Major packages with millions of weekly downloads were trojanized.

  • Immediate rotation of GitHub, NPM, and cloud credentials on every machine and runner that installed an affected version is critical.

  • CI/CD pipelines and dev systems must be treated as high-risk exposure points.
