Supply Chain Attack: Self-Replicating Worm Compromises Over 180 NPM Packages
A novel, self-replicating worm dubbed “Shai-Hulud” has impacted over 180 NPM (Node Package Manager) software packages, exploiting exposed credentials to spread through the software supply chain. The attack, first detected around September 14th at 17:58 UTC, follows a cascading infection pattern: stolen NPM authentication tokens are used to take over maintainer accounts, and the maintainers' packages are then republished with malicious code.
The worm operates by first searching the developer's machine for exposed credentials and access tokens using tools such as TruffleHog. It then attempts to create a new GitHub Actions workflow and use it to publish the stolen secrets. Once a package is compromised, the worm spreads by adding its code to the top 20 packages the victim's account can publish to, creating a “cascading effect,” as described by Ashish Bunch of StepSecurity, who wrote, “This creates a cascading effect where an infected package leads to compromised maintainer credentials, which in turn infects all other packages maintained by that user.”
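The checks a defender runs after a compromise of this kind, as an added example (not code from the article or from any of the vendors it cites): the script audits an npm lockfile for installed versions on a denylist of compromised releases and for packages that execute a lifecycle script at install time, which is the hook a worm needs in order to run on the victim's machine once its code has been added to a package. It assumes the lockfileVersion 2/3 layout, in which npm records install-time scripts as `hasInstallScript`. The package names, versions and the lockfile itself are constructed for the example and are not real indicators for this worm. Because the cascade republishes packages deep in the dependency tree, the audit walks every `node_modules` path in the lockfile, not only the top-level dependencies.

```javascript
// Added example, not code from the article or from any vendor it quotes.
// Audits an npm lockfile (lockfileVersion 2/3 layout) for:
//   1. installed versions on a list of known-compromised releases;
//   2. packages that run code at install time (npm records this as
//      `hasInstallScript` when a package declares preinstall/install/postinstall).
// The names, versions and lockfile below are constructed for the example;
// they are NOT the real indicator list for this worm.

const COMPROMISED = new Map([
  ['@example/colors', new Set(['1.2.3'])],        // hypothetical package/version
  ['example-cli', new Set(['4.0.1', '4.0.2'])],   // hypothetical package/versions
]);

// Constructed lockfile. The nested copy of example-cli is the case a check of
// top-level dependencies alone would miss.
const SAMPLE_LOCKFILE = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@example/colors': { version: '1.2.3' },
    'node_modules/example-cli': { version: '3.9.0', hasInstallScript: true },
    'node_modules/left-thing': { version: '0.1.0', dependencies: { 'example-cli': '^4.0.0' } },
    'node_modules/left-thing/node_modules/example-cli': { version: '4.0.2' },
  },
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

function auditLockfile(lock) {
  if (!lock.packages) {
    throw new Error('expected lockfileVersion 2 or 3 (a "packages" map)');
  }
  const findings = [];
  for (const [lockPath, meta] of Object.entries(lock.packages)) {
    if (lockPath === '') continue; // the root project itself
    const name = packageNameFromPath(lockPath);
    const badVersions = COMPROMISED.get(name);
    if (badVersions && badVersions.has(meta.version)) {
      findings.push({ path: lockPath, name, version: meta.version,
                      reason: 'known-compromised version' });
    }
    if (meta.hasInstallScript) {
      findings.push({ path: lockPath, name, version: meta.version,
                      reason: 'runs a lifecycle script at install time' });
    }
  }
  return findings;
}

// True if any finding is a denylisted version; used to fail a CI job.
function hasCompromised(findings) {
  return findings.some((f) => f.reason === 'known-compromised version');
}

function formatReport(findings) {
  return findings
    .map((f) => `${f.reason}: ${f.name}@${f.version} (${f.path})`)
    .join('\n');
}

// CLI mode: `node audit-lock.js path/to/package-lock.json`.
// With no path, the embedded sample is audited so the script runs offline.
if (typeof require !== 'undefined' && require.main === module) {
  const lockPath = process.argv[2];
  if (lockPath) {
    const fs = require('node:fs');
    const findings = auditLockfile(JSON.parse(fs.readFileSync(lockPath, 'utf8')));
    console.log(formatReport(findings) || 'no findings');
    process.exitCode = hasCompromised(findings) ? 1 : 0; // block the pipeline
  } else {
    console.log('no lockfile given; auditing the embedded sample:');
    console.log(formatReport(auditLockfile(SAMPLE_LOCKFILE)));
  }
}
```

The install-script finding is informational rather than blocking, since many legitimate native packages build at install time; the point of listing them is that any package which newly gained a lifecycle script in a version bump deserves a look. Denylisted versions fail the job outright, which is the behaviour a CI gate should have while an incident is ongoing.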
CrowdStrike was among the first to detect the malicious activity, identifying compromised packages in the public NPM registry. The company swiftly removed the affected packages and rotated its keys in public registries, stating, “These packages are not used in the Falcon sensor, the platform is not impacted and customers remain protected.” It is currently working with NPM and conducting a thorough investigation. Socket.dev reported that at least 25 NPM packages managed by CrowdStrike were briefly compromised.
StepSecurity’s analysis revealed that the malware specifically targets cloud environments, enumerating credentials for AWS, Azure and Google Cloud Platform. The worm is designed to run on Linux and macOS systems and deliberately skips Windows hosts.
As of the latest reports, the worm’s propagation appears to have slowed, though not ceased entirely. Eriksen of Aikido noted, “I still see package versions popping up once in a while, but no new packages have been compromised in the last ~6 hours,” but cautioned that the attack could reignite, describing it as a “living” thing capable of dormancy and resurgence. The web address used by the attackers for data exfiltration has been temporarily disabled due to rate limits.
Nicholas Weaver, a researcher with the International Computer Science Institute, characterized Shai-Hulud as “a supply chain attack that conducts a supply chain attack.” He advocates immediate changes to NPM’s publication model, urging a shift to a system that requires explicit human consent for every publication request, enforced with a “phish-proof 2FA method.” Weaver stated, “Anything less means attacks like this are going to continue and become far more common, but switching to a 2FA method would effectively throttle these attacks before they can spread. Allowing purely automated processes to update the published packages is now a proven recipe for disaster.”