2025-09-17

Security researchers worldwide are warning about a supply-chain attack on the Node Package Manager (NPM), where a self-replicating and credential-harvesting attack is spreading through the ecosystem.

When the malware detects GitHub credentials it can abuse, it creates public repositories called “Shai-Hulud” containing a dump of all the secrets (i.e. keys and passwords) that it harvested.

Shai-Hulud is the indigenous name of the sandworms in Frank Herbert’s seminal science fiction novel, Dune.

In computer security, a worm is a type of self-replicating malware. It differs from a virus in that worms do not need a host system and can spread between systems and networks without user action.

The worm began spreading on 16 September 2025, when malicious versions of multiple popular packages were published to NPM.

NPM is a tool and registry of code packages included in the Node.js JavaScript runtime environment. It allows programmers to easily include code written by others in their projects.

Owned by GitHub since 2020, NPM says more than 17 million developers worldwide rely on it. “NPM is a critical part of the JavaScript community and helps support one of the largest developer ecosystems in the world.”

Cloud security company Wiz explained that the compromised NPM packages contained a post-install script that harvested and exfiltrated sensitive data.

“Once a version of one of the malicious packages is installed, the included payload uses the TruffleHog secret scanning tool,” said Wiz.

The payload uses TruffleHog to identify secrets, and it additionally harvests environment variables and cloud keys exposed through the instance metadata service (IMDS) when available.

“Beyond data theft, the malware exhibits worm-like behaviour,” Wiz stated.

“When a compromised package encounters additional npm tokens in its environment, it will automatically publish malicious versions of any packages it can access — spreading across the NPM ecosystem.”

Socket.dev, which specialises in defending against supply-chain attacks, reported that Shai-Hulud briefly compromised at least 25 code packages managed by CrowdStrike. NPM quickly removed the affected packages.

CrowdStrike is a cybersecurity vendor that sells software and services to help organisations protect themselves against cyberattacks, including emergent new threats like ransomware.

It made headlines last year when a malformed update sent Windows computers around the world that were protected by its software into a Blue Screen of Death boot loop.

The impact was widespread, with several critical sectors experiencing outages. Capitec in South Africa and several global airlines were among those affected.

Linked to earlier attack on NPM

In addition to the CrowdStrike-maintained code in NPM, dozens of other packages were compromised by Shai-Hulud.

“This attack is a self-propagating worm,” said Wiz.

“When a compromised package encounters additional NPM tokens in a victim environment, it will automatically publish malicious versions of any packages it can access.”

Wiz Research believes the Shai-Hulud attack is tied to the recent s1ngularity/Nx supply chain attack, where initial GitHub token theft enabled a broader chain of compromise and leaking of formerly private repositories.

While the Nx attack was not self-replicating, Wiz found that the initial NPM packages that started this chain reaction included multiple known-compromised victims of the s1ngularity attack.