"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack

Published 18/09/2025 01:15 · Modified 18/09/2025 07:26

Essential information

Published: 18/09/2025 01:15
Modified: 18/09/2025 07:26
Tags: 2025-09-18 credential harvesting javascript npm phishing self-replicating shai-hulud supply-chain worm
Related entities: 1 observable, 10 techniques (MITRE), 1 malware

Description

A widespread software supply chain attack targeting the Node Package Manager (npm) ecosystem has been discovered, involving a novel self-replicating worm called "Shai-Hulud". The worm has compromised over 180 software packages, including widely used libraries. It operates by harvesting credentials, exfiltrating data, and automatically propagating itself through compromised developer accounts. The attack likely originated from a campaign spoofing . The malware scans for sensitive credentials, including tokens and cloud service API keys, and publicly exposes them on GitHub. This attack represents a significant evolution in supply chain threats, potentially leading to cloud service compromise, data theft, and lateral movement within networks.

External references