The Shai-Hulud 2.0 npm Worm: A Deep Dive into One of the Largest Supply Chain Attacks Ever
- Akshay Jain
- 13 hours ago
- 3 min read
Why the Shai-Hulud 2.0 npm Worm Matters
The Shai-Hulud 2.0 npm worm represents a shocking escalation in software supply chain attacks, a malware campaign that doesn't just lie dormant in one package, but self-propagates like a biological worm, infecting npm packages, harvesting credentials, and compromising developer environments and CI/CD systems at massive scale.
Unlike traditional malware that relies on command and control servers or manual operator interaction, this worm operates autonomously, leveraging developers' own credentials to publish further infected packages and expand its reach. These traits make it one of the most dangerous JavaScript ecosystem attacks ever observed, with consequences for both application security and cloud infrastructure risk.

What Is the Shai-Hulud 2.0 npm Worm?
Shai-Hulud 2.0 is a self-replicating malware worm targeting the npm ecosystem - a centralized registry of JavaScript libraries used in millions of projects worldwide.
Key Traits of the Worm:
Supply Chain Compromise: Attackers inject malicious code into legitimate npm packages and republish them to the official registry.
Self-Propagation without C2: After infection, the worm uses the victim's npm or GitHub credentials to publish new malicious versions of packages automatically, enabling exponential spread.
Credential Harvesting & Exfiltration: Once executed, the malware scans for sensitive credentials such as GitHub tokens, npm tokens, cloud provider keys (AWS, GCP, Azure), and CI/CD secrets, exfiltrating them to public repositories created by the worm.
Preinstall Execution: Unlike earlier versions, Shai-Hulud 2.0 uses npm's preinstall script hook, meaning it executes before the package installation itself even starts.
Destructive Fallback: If it cannot propagate or exfiltrate data, the worm may attempt to delete the user's home directory, adding a ransomware-like destructive element.
Technical Breakdown: How the Worm Works
Initial Package Compromise
Attackers gain access to package maintainer accounts, often through stolen credentials, phishing, or compromised CI/CD automation tokens.
Once access is obtained, the attacker injects malicious files into existing packages, typically:
setup_bun.js
bun_environment.js
And adds a preinstall script that executes automatically when npm install runs.
Malware Execution on Client Systems
During installation, the preinstall script first installs Bun (an alternative JavaScript runtime, used to evade Node.js-focused detection).
It then executes the obfuscated payload (bun_environment.js), which begins scanning the environment for credentials.
Credential Harvesting
The worm leverages tools like TruffleHog or custom scanning logic to search for:
NPM authentication tokens
GitHub personal access tokens
AWS, Azure, GCP keys
SSH keys
CI/CD environment variables
Exfiltration to Public GitHub Repositories
Using harvested GitHub credentials, the malware:
Creates public repositories under the victims' accounts
Names them with campaign markers like "Sha1-Hulud: The Second Coming"
Publishes credential dumps and environment snapshots
Autonomous Replication
Using the victim's npm credentials, the worm:
Identifies packages the user is authorized to publish
Injects malicious files into those packages
Publishes new versions to npm
If the worm fails to propagate or find credentials, a built-in "scorched earth" fallback may erase the user's home directory
Real-World Impact & Case Study
Multiple security vendors and researchers including Wiz, Microsoft, Datadog, and Palo Alto Unit 42 have documented Shai-Hulud 2.0 as one of the largest and most aggressive supply chain compromises in the npm ecosystem.
Statistics & Scope
~800 npm packages compromised
Over 25,000 infected GitHub repositories discovered during the rapid spread
Developer secrets leaked in thousands of public repos
Compromise of CI/CD pipelines
Indicators of Compromise (IOCs)
Known artifact files:
setup_bun.js
bun_environment.js
Unexpected preinstall scripts in trusted packages
Newly created repos with names or descriptions containing "Shai-Hulud" or variants
CI/CD signals
Unexpected self-hosted runners with names such as SHA1HULUD
Unauthorized pipeline triggers or workspace modifications
Mitigation & Prevention: Reducing Supply Chain Risk
Use package lockfiles to ensure only vetted versions are installed.
Rotate API tokens and keys frequently.
Restrict workflow permissions to the minimum each job needs.
Enforce code review before automated scripts are allowed to run.
Disable auto-execution of untrusted install scripts.
Incorporate tools that scan dependencies for malicious code.
Use npm's new trusted publisher model or scoped publish access to limit the blast radius if a compromise occurs.
The Shai-Hulud 2.0 npm worm represents an inflection point in software supply chain threats: malware that behaves like a worm, exploits trusted developer credentials, and leverages modern CI/CD workflows to spread far beyond a single machine or package.
For developers and security teams alike, this campaign underscores a powerful truth: your software supply chain is only as secure as the weakest process in your pipeline. By combining rigorous dependency management, credential hygiene, CI/CD hardening, and proactive monitoring, organizations can reduce exposure to this new breed of automated, credential-stealing worms.
Happy cyber-exploration! 🚀🔒
Note: Feel free to drop your thoughts in the comments below - whether it's feedback, a topic you'd love to see covered, or just to say hi! Don’t forget to join the forum for more engaging discussions and stay updated with the latest blog posts. Let’s keep the conversation going and make cybersecurity a community effort!
-AJ