Shai-Hulud Worm Unleashed in Ongoing NPM Supply Chain Attack
A sophisticated supply chain attack on the NPM registry has compromised hundreds of packages, deploying the self-replicating Shai-Hulud worm to steal cloud tokens and cryptocurrency.

On September 15, the Node Package Manager (NPM) repository became the target of an ongoing supply chain attack that has already compromised hundreds of widely used JavaScript packages. According to Trend Micro Research, the attackers executed a highly targeted phishing campaign to compromise an NPM package maintainer's account, then injected malicious code into critical libraries supporting development frameworks and cryptographic functions. The affected packages have a combined global download rate exceeding 2.6 billion per week, placing a vast ecosystem of web applications and dependent projects at risk.
The attack chain began with a phishing email disguised as an NPM security alert, tricking a developer into revealing credentials. Once inside, the attackers uploaded a malicious package that, when installed, executed JavaScript and embedded Unix shell scripts to establish persistence and begin stealing information. Using stolen GitHub access tokens, the malware authenticated to the GitHub API, checked user permissions, and listed all accessible repositories—including private ones. It then cloned private repositories to attacker accounts, created new branches, and deployed malicious workflows to automate data theft.
One of the most alarming payloads is a self-replicating worm dubbed Shai-Hulud, named after the sandworm from the Dune series. Unlike traditional single-use payloads, Shai-Hulud introduces worm-like propagation, continuously seeking out and compromising additional packages and environments. Once a compromised package is installed, the worm automatically attempts to spread to new targets, creating a multiplying threat that does not rely on human intervention after initial deployment. The malware also downloads and installs TruffleHog to scan for and harvest additional secrets from files, then makes stolen repositories public and exfiltrates data via automated web requests.
Beyond credential theft, the attackers have used compromised packages to covertly divert cryptocurrency assets. By hijacking web APIs and manipulating network traffic, they redirected funds from legitimate channels to wallets they controlled, targeting both organizations and end-users interacting with the compromised packages. Trend Micro's telemetry indicates that organizations across North America and Europe have been among the most affected by the Cryptohijacker payload, though no detections of the Shai-Hulud worm have been reported yet.
Researchers at Socket have already identified close to 500 impacted NPM packages as of September 16. StepSecurity noted that the attackers used techniques similar to those seen in the Nx supply chain attack last month, suggesting a pattern of escalating threats against the open-source ecosystem. The widespread exposure undermines trust in open-source dependencies, as hundreds of packages could have been compromised before initial detection.
Trend Micro's Trend Vision One platform detects and blocks the indicators of compromise outlined in the research, and provides customers with tailored threat hunting queries, threat insights, and intelligence reports. Organizations relying on NPM packages are urged to audit their dependencies, rotate credentials, and monitor for signs of compromise. The attack underscores the critical need for robust supply chain security measures, including multi-factor authentication, least-privilege access controls, and continuous monitoring of package integrity.