Shai-Hulud malware is back with a vengeance and has hit more than 19,000 GitHub repositories so far — here's what developers need to know
The malware has compromised more than 700 widely-used npm packages, and is spreading fast
The Shai-Hulud worm is back and once again infecting npm packages – and the scale of the attack is even greater than a September 2025 campaign which affected 180 repositories before containment.
Attackers involved in the campaign have been exploiting compromised package maintainer accounts to publish trojanized versions of legitimate npm packages that appear to originate from the official source.
Once downloaded, the malware scans for credentials and CI/CD secrets, which are then published to the user's own repositories. It also inserts the malicious payload into all of the users’ available npm packages, spreading the infection.
This time round, the malware has affected more than 19,000 GitHub repositories and compromised around 700 npm packages, including core libraries from Zapier and the Ethereum Name Service (ENS) ecosystem, along with PostHog and Postman.
According to Wiz Threat Research, the attack is accelerating at around 1,000 new repos every 30 minutes.
"This campaign continues the trend of npm supply-chain compromises referencing Shai-Hulud naming and tradecraft, though it may involve different actors," said Wiz.
New Shai-Hulud campaign shakes up tactics
This campaign adds a couple of new features, according to researchers, including execution using install lifecycle scripts and new payload files setup_bun.js and bun_environment.js.
Sign up today and you will receive a free copy of our Future Focus 2026 report - the leading resource for IT decision-maker insight on priorities and investment areas in AI, security and more.
Meanwhile, if the malware fails to authenticate or establish persistence, it attempts to destroy the victim’s entire home directory, deleting every writable file owned by the current user under their home folder.
Wiz said it's observed multiple environments where the affected packages were downloaded before their removal from npm, suggesting active exposure.
While GitHub is currently removing attacker-created repositories associated with this campaign, the threat actors continue to create new repositories as part of their ongoing activities.
Garrett Calpouzos, principal security researcher at Sonatype, said a peculiar aspect of the campaign is that it appears to be confusing AI analysis tools, largely due to the size and structure of the file.
“It’s so large that it exceeds a normal context window and the models can’t keep track of everything they're reading," he noted.
"I’ve asked both ChatGPT and Gemini to analyze it and I get different answers each time. Looking at their reasoning, they’re searching for obvious malware patterns – like calls to suspicious domains – and not finding any, so they incorrectly conclude it’s just a legitimate session or token management library."
What developers need to know
Developers should cross-reference all installed packages against the compromised list, said Aikido, and uninstall any compromised package versions immediately.
Enterprises are also advised to check GitHub accounts for unauthorized repos with "Shai Hulud: The Second Coming" in the description.
Credential rotation is another key tactic here for defenders, according to Wiz, with devs advised to check GitHub, npm, cloud, and CI/CD secrets used on any machine that installed these packages.
Elsewhere, enterprises should disable npm postinstall scripts in CI environments, enforce MFA on all GitHub and npm accounts, and stop auto-updates until verified clean.
"The timing is notable, given npm’s recent announcement that it will revoke classic tokens on December 9 after the wave of supply chain attacks," commented Charlie Eriksen, a malware researcher at Aikido.
"With many users still not migrated to trusted publishing, the attacker seized the moment for one more hit before npm’s deadline."
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
- Malware-free attacks: The threat to businesses
- Malware as a Service explained: What it is and why businesses should take note
- What is polymorphic malware?
Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.
-
The NCSC wants to build an AI-powered 'Cyber Shield' to protect the UK from hackersNews The aim is to create a national, sovereign defence capability to protect government agencies and critical infrastructure
-
IBM targets data center efficiency gains with new z17 and LinuxONE offeringsNews Cost, data center footprint, and performance improvements are coming for IBM Z and LinuxONE customers
-
Hackers are posing as Interpol to target small businesses – here's what you need to knowNews Small businesses are warned to think twice before clicking on links
-
Opera browser thinks it has the solution to stopping ClickFix malware attacksNews The browser company is targeting a growing source of malicious links with its new Paste Protect feature
-
‘Every hour ransomware goes undetected drastically increases its potential blast radius’: Hackers are breaching networks and laying low for longer – and nearly half of firms don’t realize until data is stolenNews An ExtraHop survey found more intrusions are going undetected, leading to longer dwell times
-
‘Hacking groups have the transport network firmly in their sights’: Network Rail is battling a torrent of cyber threatsNews FoI requests have revealed that the rail operator is under increasing attack, as cyber criminals set their sights on the transport sector
-
‘This operation marked a shift in strategy’: Three notorious malware networks have been taken down using RICO legislationNews The action involved the use of US racketeering laws to treat two malware families as part of a single conspiracy
-
Developers urged to remain vigilant amid continued Miasma malware risksNews The Miasma malware package uses legitimate OIDC tokens, making it indistinguishable from routine code updates
-
Claude users beware, hackers are using a fake website to dupe developers and deliver malwareNews 'Beagle' is deployed through a Dynamic Link Library (DLL) sideloading chain, and gives attackers remote access to the system
-
North Korean hackers are duping freelance developers with fake interviews to steal cryptocurrency and deliver malware — Sophos warns the 'Nickel Alley' group is using LinkedIn, Upwork, and Fiverr to target victimsNews A fake interview process uses coding tests and repo downloads to deliver malware