Self-Replicating Worm Targets npm Packages (Shai-Hulud)
September 25th, 2025
High

Our Cyber Threat Intelligence Unit is monitoring a widespread supply-chain compromise in the npm ecosystem, codenamed Shai-Hulud. The campaign injected a self-replicating worm payload into hundreds of npm packages (initially 180+ packages, later confirmed to exceed 500 as of September 23, 2025, according to CISA). The malicious code runs at install time via a postinstall script, harvests developer and CI/CD secrets, and exfiltrates them to attacker-controlled infrastructure for later exploitation. Using the stolen credentials, the worm propagates automatically by publishing trojanized versions of other packages maintained by the compromised accounts. Confirmed high-profile packages include @ctrl/tinycolor (4.1.1, 4.1.2) and multiple @crowdstrike-scoped packages. This campaign marks a significant escalation in software supply-chain risk, shifting from static package trojans to worm-like propagation across the ecosystem.
Technical Details
Attack Type: Supply-chain compromise with self-propagating worm behavior
Severity: High
Delivery Method: Compromised maintainer accounts publishing trojanized npm packages
Techniques:
Injection of malicious bundle.js into package postinstall scripts.
Execution of secret scanners (e.g., TruffleHog) to extract npm, GitHub, and cloud provider credentials.
API calls to validate recovered tokens.
Creation of rogue GitHub Action workflows and repos labeled “Shai-Hulud” or “-migration” for persistence and exfiltration.
Dropping helper scripts (/tmp/processor.sh, /tmp/migrate-repos.sh) during workflow execution.
Malware Behavior: The worm authenticates as compromised maintainers and republishes trojanized versions of additional packages.
Affected Components (examples):
@ctrl/tinycolor@4.1.1, @ctrl/tinycolor@4.1.2, [email protected], [email protected]
@crowdstrike/* packages (briefly affected)

Impact
Compromise of developer environments and CI/CD pipelines via exfiltration of NPM_TOKEN, GITHUB_TOKEN, and AWS credentials.
Persistent data theft through rogue workflows that survive cleanup.
Rapid worm-like spread across maintainers and dependent packages.
Operational disruption and reputational damage for impacted publishers (e.g., CrowdStrike packages).
Downstream risk for any organizations consuming affected package versions.
Detection Method
Monitor for unexpected postinstall executions of bundle.js.
Search GitHub for:
Repositories named “Shai-Hulud”.
Repositories with “-migration” suffix or description “Shai-Hulud Migration”.
Branches named shai-hulud.
Files named data.json containing encoded/duplicated secrets.
Audit .github/workflows/ for unauthorized workflows with external POST requests.
Hunt for CreateEvent → PublicEvent sequences in audit logs (repo flipped from private → public).
Flag outbound POST traffic to webhook[.]site/* and similar domains.
Match known malicious hashes of bundle.js in caches, SBOMs, and container images.
Indicators of Compromise
| Type | Indicator | Description |
|---|---|---|
| Filename | bundle.js | Malicious payload injected into postinstall step |
| SHA-256 | 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09 | Confirmed malicious bundle.js hash |
| Filename | /tmp/processor.sh | Dropped script used during workflow execution |
| Filename | /tmp/migrate-repos.sh | Dropped script used for repository migration/exfiltration |
| URL | https://webhook[.]site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7 | Example exfiltration endpoint (campaign uses multiple UUIDs) |
| Affected Packages | @ctrl/tinycolor@4.1.1, @ctrl/tinycolor@4.1.2, [email protected], [email protected] | Confirmed compromised package versions |
| Affected Packages | @crowdstrike/* | Multiple CrowdStrike-scoped packages briefly impacted |
| GitHub Artifacts | Repos named Shai-Hulud; files data.json with encoded secrets | Used for persistence and secret storage |
| GitHub Artifacts | Branch shai-hulud; repos with “-migration” suffix; repos described as “Shai-Hulud Migration” | Indicators of attacker-created repos |
| Audit-log pattern | CreateEvent → PublicEvent sequence | Repo flipped from private to public during malicious migration |

Recommendations
Remove trojanized package versions from artifact repositories; pin builds to known-good versions.
Rebuild production images from clean lockfiles.
Rotate npm, GitHub, and cloud provider tokens from a clean host.
Enforce MFA / phishing-resistant 2FA for maintainers.
Audit and remove attacker-created GitHub repos and workflows.
Monitor for outbound traffic to webhook[.]site and related domains.
Deploy EDR/IDS rules to flag postinstall scripts invoking bundle.js.
Conclusion
The Shai-Hulud npm worm highlights the evolution of supply-chain compromises from isolated package trojans to automated, worm-like campaigns that amplify risk across the entire ecosystem. Rapid containment, credential rotation, and CI/CD workflow audits are critical. While atomic IOCs facilitate an immediate response, we urge organizations to implement long-term defenses, such as behavioral detection, maintainer account hardening, and proactive supply chain monitoring, to reduce risks associated with this threat.
References
https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/
https://www.wiz.io/blog/shai-hulud-npm-supply-chain-attack
https://securityonline.info/shai-hulud-supply-chain-attack-now-targets-crowdstrikes-npm-packages/