A leaked copy of the malware known as Shai-Hulud has already jumped from the public repository to real life: security researchers have found malicious packages published in the npm registry containing code designed to steal credentials, secrets and cryptocurrency wallet data, and in one case to turn the infected machine into an agent for DDoS attacks.
The mechanism used by the attackers combines old but effective techniques: typosquatting (names similar to legitimate packages) to attract accidental downloads, and repackaging of the leaked code without even obfuscating it. This makes the code easy for other criminals to recognize and, in turn, reduces the need for advanced skills to deploy mass exfiltration campaigns.

The real risk here is not only the number of downloads (which may be small for any particular batch) but the impact on supply chains: a developer who pulls a compromised dependency into a build or CI environment can expose keys with publish permissions, API credentials or tokens, which are then automatically published in public repositories controlled by the attacker. This "automatic publication" behavior amplifies the breach by turning stolen secrets into accessible and traceable information.
From the operational point of view, the malicious packages combine two types of threat. On the one hand, information-stealing functions that search directories, configuration files and processes to extract credentials. On the other hand, modules that implement attack capabilities: HTTP floods, TCP/UDP floods and TCP resets, used to form a botnet. The coexistence of both capabilities transforms a secret-leak incident into a platform for continuous offensive actions.
If you manage projects that use npm, the first priority is to assume that any unverified dependency can be an attack vector. You must immediately remove any suspicious package, revoke and rotate the associated credentials and tokens, and check whether your systems have uploaded artifacts or secrets to public repositories. It is also appropriate to proactively block the command-and-control domains and hosts identified by the researchers to limit exfiltration.
In terms of detection, look for Node processes, unusual outgoing connections and automatically created GitHub repositories that contain files with credential-like names. Dependency analysis tools and secret scanning of code are useful, but not infallible: add controls to your pipelines that prevent third-party postinstall scripts from running without approval, and use allowlist policies for critical packages.
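As an added example (not from the original article or the researchers' report), the following Node.js script shows one way to implement the pipeline control described above: it reads the contents of a package-lock.json (lockfileVersion 2 or 3), reports packages that declare install scripts but are not on an approved list, and flags names within two edits of a critical package. The package names, the allowlist and the sample lockfile are constructed for illustration.

```javascript
// Levenshtein edit distance between two package names (two-row version).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Package name from a lockfile key such as "node_modules/a/node_modules/@s/b".
function nameFromKey(key) {
  return key.slice(key.lastIndexOf('node_modules/') + 'node_modules/'.length);
}

function auditLock(lock, scriptAllowlist, criticalNames) {
  const unapprovedScripts = [];
  const lookalikes = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (!key.includes('node_modules/')) continue; // skip the root project entry ""
    const name = nameFromKey(key);
    // npm sets hasInstallScript for preinstall/install/postinstall scripts.
    if (meta.hasInstallScript && !scriptAllowlist.has(name)) {
      unapprovedScripts.push(`${name}@${meta.version}`);
    }
    for (const critical of criticalNames) {
      const d = editDistance(name, critical);
      if (d > 0 && d <= 2) lookalikes.push({ name, resembles: critical });
    }
  }
  return { unapprovedScripts, lookalikes };
}

// Constructed sample lockfile; every package name here is hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/acme-http-client': { version: '2.1.0' },
    'node_modules/acme-http-cliemt': { version: '0.0.3', hasInstallScript: true },
    'node_modules/native-build-helper': { version: '4.2.1', hasInstallScript: true },
  },
};
const report = auditLock(sampleLock, new Set(['native-build-helper']), ['acme-http-client']);
console.log(JSON.stringify(report, null, 2));
```

In CI, a check like this pairs with `npm ci --ignore-scripts`, so that install scripts do not run before a package has been approved.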
To reduce the attack surface sustainably, it is essential to apply least-privilege principles to tokens and keys, enable multifactor authentication on critical accounts, and use automatic rotation mechanisms. It is also recommended to use version pinning and signature verification where possible, and to enrich your CI/CD telemetry to detect package installations in unplanned phases.

The community and the platforms have responsibilities: public registries must improve their mechanisms for automatic detection of typosquatting patterns and exfiltration behaviour, and maintainers must document procedures for handling dependency incidents. Meanwhile, development teams must operate under the premise that third-party software is a risk that should be mitigated with additional layers of control.
If you want to read the technical analysis that motivated these recommendations, the researchers' findings are published on the security blog of the team that detected the malicious payloads: OXsecurity - Shai-Hulud report. For a practical guide to good security practices when using npm, see the official documentation: NPM - safety and good practice.
The lesson is clear: malicious code leaks do not stay on paper. They replicate and integrate into development ecosystems that depend on thousands of packages. The only effective defense combines credential hygiene, strict control of dependencies and continuous visibility into what runs in your build and production environments.