A new wave of the Shai-Hulud–style supply-chain attack has trojanized hundreds of npm packages—including widely used components from Zapier, ENS Domains, PostHog, and Postman—and has populated more than 25,000 GitHub repositories with stolen secrets. Beginning on November 24, the attacker used compromised maintainer accounts to publish malicious package versions whose credential-stealing code runs from an npm preinstall lifecycle hook, so it executes on any machine that installs the package, whether a developer workstation or a CI/CD runner. The campaign spreads rapidly, creating roughly 1,000 new exfiltration repositories every 30 minutes, and exhibits cross-victim leakage: one organization's credentials regularly appear in repositories created under unrelated victims' GitHub accounts. Despite ongoing mitigation and the removal of most malicious versions from npm, new compromised packages continue to surface, and leaked GitHub and cloud credentials are still being abused.
The malware expands on earlier Shai-Hulud variants. It drops several payload files (e.g., setup_bun.js, bun_environment.js) and exfiltrates secrets into attacker-controlled GitHub repositories using automated workflows. Two malicious GitHub Actions workflows are the core of the design: one serializes every secret available to the repository and uploads the result as a workflow artifact, while the other plants a persistent backdoor by registering the compromised machine as a self-hosted runner and wiring a workflow to the GitHub Discussions trigger, so the attacker can execute commands on the victim simply by opening a discussion. Beyond the code ecosystem, the malware targets AWS, GCP, and Azure credentials, dumps cloud secrets, and attempts privilege escalation through IAM manipulation and Docker-based container-breakout techniques. By November 27, researchers had identified hundreds of valid cloud credentials, nearly 800 GitHub access tokens, and the same sensitive data duplicated across thousands of attacker-created repositories, indicating active exploitation at scale.
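The two indicators the article describes, a lifecycle hook that launches one of the named payload files and a workflow matching either malicious shape, can be turned into a quick triage scan of a checkout. The script below is an added example, not code from the article or from any vendor's detection tooling: it walks every package.json (node_modules included) and every file under .github/workflows, and reports matches. The payload file names come from the article; the workflow checks are plain-text regular-expression heuristics rather than a YAML parser, the `discussion` and `self-hosted` patterns are assumptions about how such a workflow would be written, and the sample package.json bodies and workflow texts are constructed here for illustration only.

```python
import json
import os
import re
import sys

# Payload file names reported for this wave; treat as a starting list, not exhaustive.
PAYLOAD_FILES = ("setup_bun.js", "bun_environment.js")
# npm runs these hooks automatically during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall")

# Heuristics (assumed shapes) for the two workflows described: a Discussions-triggered
# self-hosted runner, and a dump of the whole secrets context uploaded as an artifact.
RE_DISCUSSION_TRIGGER = re.compile(r"^\s*(?:on\s*:\s*\[?\s*)?discussion(?:_comment)?\b", re.M)
RE_SELF_HOSTED = re.compile(r"runs-on\s*:\s*\[?\s*self-hosted")
RE_SECRETS_DUMP = re.compile(r"toJSON\s*\(\s*secrets\s*\)")
RE_UPLOAD_ARTIFACT = re.compile(r"uses\s*:\s*actions/upload-artifact")


def scan_package_json(text, origin="package.json"):
    """Findings for one package.json body: lifecycle hooks that invoke a payload file."""
    try:
        pkg = json.loads(text)
    except json.JSONDecodeError:
        return [f"{origin}: unparsable package.json"]
    scripts = pkg.get("scripts") or {}
    ident = f"{pkg.get('name', '?')}@{pkg.get('version', '?')}"
    findings = []
    for hook in LIFECYCLE_HOOKS:
        cmd = scripts.get(hook)
        if isinstance(cmd, str):
            for payload in PAYLOAD_FILES:
                if payload in cmd:
                    findings.append(f"{origin}: {ident} {hook} hook runs {payload}")
    return findings


def scan_workflow(text, origin="workflow.yml"):
    """Findings for one workflow body, using the text heuristics above."""
    findings = []
    if RE_DISCUSSION_TRIGGER.search(text) and RE_SELF_HOSTED.search(text):
        findings.append(f"{origin}: self-hosted runner job triggered by Discussions")
    if RE_SECRETS_DUMP.search(text) and RE_UPLOAD_ARTIFACT.search(text):
        findings.append(f"{origin}: serialises secrets context and uploads it as an artifact")
    return findings


def scan_tree(root):
    """Walk a checkout: every package.json and every YAML file under .github/workflows."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        in_workflows = dirpath.replace(os.sep, "/").endswith(".github/workflows")
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    body = fh.read()
            except OSError:
                continue
            if name == "package.json":
                findings += scan_package_json(body, path)
            elif in_workflows and name.endswith((".yml", ".yaml")):
                findings += scan_workflow(body, path)
    return findings


# Constructed sample inputs for demonstration; not real package or workflow contents.
MALICIOUS_PKG = json.dumps({"name": "example-trojanized", "version": "9.9.9",
                            "scripts": {"preinstall": "node setup_bun.js"}})
BENIGN_PKG = json.dumps({"name": "example-clean", "version": "1.0.0",
                         "scripts": {"build": "tsc", "postinstall": "node scripts/patch.js"}})
BACKDOOR_WORKFLOW = "on:\n  discussion:\n    types: [created]\njobs:\n  run:\n" \
                    "    runs-on: self-hosted\n    steps:\n      - run: echo hi\n"
SECRETS_WORKFLOW = "on: push\njobs:\n  dump:\n    runs-on: ubuntu-latest\n    steps:\n" \
                   "      - run: echo '${{ toJSON(secrets) }}' > s.json\n" \
                   "      - uses: actions/upload-artifact@v4\n        with:\n          path: s.json\n"
BENIGN_WORKFLOW = "on: [push]\njobs:\n  test:\n    runs-on: ubuntu-latest\n    steps:\n" \
                  "      - uses: actions/checkout@v4\n      - run: npm test\n"

if __name__ == "__main__":
    for line in scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(line)
```

Run it against a repository root or a CI workspace after a suspect install. A hit on the package.json check is high confidence given the file names; the workflow heuristics are deliberately broad and will also flag legitimate self-hosted runners, so treat them as a triage list to review by hand, and rotate any token or cloud key that a flagged workflow could have read.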