Mini Shai-Hulud Worm Infects Hundreds of npm Packages in AntV Ecosystem
A worm named Mini Shai-Hulud has infected hundreds of npm packages within the AntV ecosystem maintained by Ant Group, an Alibaba affiliate, marking the largest npm supply-chain attack wave to date.

Hundreds of npm packages in the AntV ecosystem, the data visualization libraries maintained by Ant Group (an Alibaba affiliate), have been infected by a self-propagating worm dubbed Mini Shai-Hulud, in what researchers describe as the largest npm supply-chain attack wave to date. The worm spreads by compromising packages and publishing malicious versions of them to the npm registry, from where they are pulled into every project that depends on them, according to researchers.
The attack targets the AntV ecosystem, a popular set of data visualization libraries for JavaScript. Because npm dependencies are normally declared as version ranges rather than exact versions, a downstream project does not have to change anything to be affected: the next install that resolves to the trojanized release pulls it in, and any packages that project's maintainers publish become the worm's next hosts. This automated spread is a significant escalation in supply-chain attack technique, since it continues without any manual action by the attacker.
The incident highlights the growing risk of worm-style attacks on JavaScript package ecosystems. Unlike a conventional supply-chain attack, in which an attacker hand-inserts malicious code into one package, Mini Shai-Hulud operates autonomously, compromising a package and then using it to infect the packages of whoever installs it. This self-propagating mechanism makes it particularly dangerous and difficult to contain.
Researchers have not yet identified how the first package was seeded. Publishing a new version of an npm package requires the publish rights of one of its maintainers, so a worm of this kind runs on stolen npm tokens or on compromised CI publishing pipelines rather than on a flaw in the registry itself; whether the initial foothold came from phished or leaked credentials, or from a weakness in the registry's controls, has not been established. The scale of the attack, hundreds of packages, is consistent with automated rather than hand-driven publishing.
The AntV ecosystem is widely used in enterprise applications, particularly in China but also globally, for data visualization. The compromise of these packages could affect numerous downstream applications, potentially leading to data theft, code execution, or further malware distribution. Users of AntV packages are advised to check their lockfiles for affected versions, pin to releases published before the incident, install with lifecycle scripts disabled where their build allows it, and rotate any credentials that were present on developer machines or CI runners that installed an affected version, since the payload runs at install time with whatever access those hosts had.
The @antv maintainers and npm are expected to remove the malicious versions from the registry. Removal stops new installs from pulling them, but it does not revoke credentials that have already been exfiltrated, and a worm that still holds valid publish tokens can keep producing new releases until those tokens are rotated. This incident underscores the need for stronger security measures in package registries, including automated scanning of published versions, dependency verification, and rapid response mechanisms.
The worm shares its name with the sandworms of the Dune series (and with the earlier Shai-Hulud npm worm of 2025), reflecting its ability to burrow through the dependency tree. This attack follows a pattern of increasing supply-chain attacks on open-source ecosystems, including recent incidents targeting PyPI, RubyGems, and other registries. The security community is calling for closer collaboration between registry maintainers, security researchers, and the open-source community to defend against such threats.
Microsoft Security Blog has now published a detailed technical analysis of the Mini Shai-Hulud campaign, revealing that the malicious payload is a 499 KB obfuscated JavaScript file executed by a lifecycle script during npm install. The analysis shows the payload targets credentials from six platforms, namely GitHub Actions, AWS, HashiCorp Vault, npm, Kubernetes, and 1Password, and includes capabilities such as scraping secrets from the memory of the CI runner process, forging SLSA provenance so that trojanized releases carry attestations, and dual-channel exfiltration via HTTPS and the Git Data API. The @antv maintainers have confirmed the situation is resolved.