TL;DR

• This is a software supply chain attack: Regular users face minimal direct risk unless they work in software development or IT.

• A self-replicating worm called Shai-Hulud has infected 180+ popular npm software packages, including libraries with millions of weekly downloads.

• It steals developer credentials and spreads automatically, making it the first true worm in the JavaScript ecosystem.

• Anyone who installed affected software packages between Sept 14–16, 2025 should immediately rotate all credentials.

• Attribution is murky but linked to recent high-profile supply chain compromises.

• This marks a major escalation: automated propagation in the software supply chain.

• The attackers designed the worm so that the community will likely feel the effects of this attack for a long time

What’s a Worm, Anyway?

A worm is malicious software that spreads on its own. Unlike most malware, which needs someone to click a file or open an attachment, worms actively seek out new targets and replicate without human help.

Think of it like a digital disease: one infection quickly multiplies into thousands. That’s what makes worms so dangerous.

What Happened? The Food Warehouse Analogy

Imagine a scenario where a bad actor breaks into a major food distribution warehouse and poisons some of the food supplies. The restaurants that use ingredients from this warehouse unknowingly serve poisoned food to their diners. But here's the twist that makes this particularly insidious: the same criminals also managed to copy every single key to every restaurant that gets affected. Now they can return to any of those restaurants at any time to re-poison the food, steal from the cash register, or cause other damage—unless the restaurants change all their locks.

This is essentially what happened with the Shai-Hulud NPM worm, except instead of poisoning food, attackers poisoned software packages that millions of developers rely on. Starting around September 14-15, 2025, malicious versions of popular JavaScript packages began appearing on the NPM registry, the primary repository where developers download code libraries. Unlike typical attacks that require manual intervention, this malware operates as a true "worm" with automated propagation capabilities, continuously infecting every package a maintainer has access to.

The attack began with a package called "rxnt-authentication," which security researchers believe was "Patient Zero" for this campaign. The initial compromise likely started with a phishing email disguised as an NPM security alert, tricking a developer into revealing their credentials. Once the attackers gained access to one developer's account, the worm took over and began its automated spread.

The name "Shai-Hulud" comes from the giant sandworms in Frank Herbert's Dune novels and much like its namesake, this NPM worm is feasting on those that wander the deserts of modern, open-source software development.

Why Should You Care? Understanding Your Risk Level

The impact of this attack depends heavily on your role and organization:

High-Risk Organizations and Individuals:

• Software development companies and their employees

• IT departments that maintain internal applications

• DevOps and CI/CD pipeline operators

• Startups and tech companies using modern JavaScript frameworks

• Anyone who installed affected packages between September 14-16, 2025

Moderate Risk:

• Companies using custom web applications built during the attack window

• Organizations with internal developer tools

• Businesses that recently updated their websites or web applications

Low Risk (Most People):

• General consumers using websites and apps

• Non-technical professionals in traditional industries

• Users of established software products (unless those products were updated during the attack window)

The scope of the compromise is extensive, impacting numerous packages, including the widely used @ctrl/tinycolor library, which receives millions of weekly downloads. Security vendor CrowdStrike had nine NPM packages compromised by the Shai-Hulud malware, though they quickly removed the malicious packages and rotated their credentials.

Credential theft from this campaign can lead directly to compromise of cloud services (such as AWS, Azure, GCP), leading to data theft from storage buckets, ransomware deployment, cryptomining or deletion of production environments.

How Did This Actually Work?

The malware runs a script during package installation. Here’s the lifecycle:

1. Infection – Malicious code executes when a package is installed (Linux/macOS only).

2. Credential Theft – Scans for GitHub tokens, cloud API keys, and secrets using TruffleHog.

3. Data Leak – Creates a new public GitHub repo named “Shai-Hulud” under the victim’s account and dumps secrets.

4. Self-Propagation – Uses stolen npm tokens to push malicious updates into other packages the victim maintains.

5. Repository Hijack – Converts private repos into public “-migration” repos, potentially stealing source code.

   

The Real Danger: Long-Term Compromises

I spoke to a handful of colleagues last night about this attack, and we agreed that the overall impact of this event is likely to be felt for a long time. The reason for this is not the initial attack, but the fact that the worm was designed to publicly leak credentials for the software repositories. In fact, it allows any interested attacker to harvest these credentials and carry out attacks at a later date, here's how that would look:

Phase 1 (Already happened): NPM worm steals credentials and posts to GitHub

Phase 2 (Happening now): Automated bots scrape GitHub, building massive databases of credentials

Phase 3 (The quiet period): Attackers test credentials, map out access, and wait

Phase 4 (The hammer drops): Coordinated attacks using aged, "trusted" credentials that bypass security alerts

Attribution: A Complex Web of Connections

NPM attacks are being carried out with increasing frequency. The picture above is taken from BRACE and shows CTI community reporting on NPM incidents for the last two months. This level of activity makes the attribution picture for Shai-Hulud particularly complex, with indicators pointing to multiple related campaigns:

Connection to S1ngularity/Nx Attack

Wiz Research assesses this campaign is directly downstream of the late-August 2025 s1ngularity/Nx compromise, where initial GitHub token theft enabled the broader chain of compromise and leaking of formerly private repositories. Security outfit Wiz says the first Shai-Hulud victims were known victims of the s1ngularity attack.

Possible AI Involvement

Unit 42 assesses with moderate confidence that an LLM was used to generate the malicious bash script, based on inclusion of comments and emojis. This signifies the ever-evolving threat from malicious actors exploiting AI for malicious activity, accelerating secret sprawl.

Attribution Challenges

The use of GitHub repositories to store stolen data mirrors techniques seen in the previous NX CLI compromise. However, it's not enough to say whether these incidents are the work of the same actor. For those familiar with the Dune franchise, "Shai Hulud" is the name for the sandworm - a clear indication of the attackers' intent to create something that spreads and consumes.

For detailed technical analysis of the malware's code structure and behavior, security researchers at ReversingLabs have published an excellent technical breakdown that provides deeper insights into the worm's functionality and propagation mechanisms.

What Can You Do If You're Concerned?

Below are some steps that you can take, depending on which risk category you find yourself in. These are suggestions and every environment is unique. Please check with your security or DevOps practitioners if you have any questions or need help with any of these steps.

For High-Risk Organizations:

1. Check for Compromise Indicators: Check for any evidence of GitHub repos created within your organization's developers' private accounts named "Shai-Hulud," or private repositories with the suffix "-migration" and the description "Shai-Hulud Migration"

2. Credential Rotation (Critical): Immediately rotate all developer credentials, including npm access tokens, GitHub PATs and SSH keys, and all programmatic access keys for cloud and third-party services

3. Environment Cleanup: (to be run by actual devs [warning the sis a destructive step] only run if you know what you are doing) Remove malicious versions by running: rm -rf node_modules && npm cache clean --force

4. Audit and Monitor: Review GitHub audit logs for anomalous API usage. Monitor developer endpoints and CI/CD pipelines for suspicious API calls and unexpected child processes

For Moderate-Risk Organizations:

1. Package Audit: Review any JavaScript applications or websites updated between September 14-16, 2025

2. Vendor Communication: Contact your web development vendors or IT service providers to confirm they've checked for and addressed any potential exposure

3. Enhanced Monitoring: Implement additional monitoring for unusual network activity or unauthorized access attempts

For Everyone (General Security Hygiene):

1. Enable Multi-Factor Authentication: Teams should start enforcing hardware-based 2FA, short-lived tokens, and organization-wide review of new package versions

2. Stay Informed: Monitor security advisories from your software vendors and IT service providers

3. Update Security Practices: Consider implementing Software Bills of Materials (SBOMs) if you're in a technical role to track dependencies

Advanced Technical Recommendations for Security Practitioners

Preventive Measures:

Implement off-by-default install scripts in CI, cool-down periods before adoption, and SBOM-driven inventory with automated blocklists for enhanced protection

Incident Response:

Affected machines should be considered fully compromised, making full reinstall/reimaging the preferred remediation approach

Long-term Security Posture:

Organizations need to audit dependencies, incorporate Software Bills of Materials (SBOMs) to provide transparency and enable quick vulnerability assessments, enforce strong authentication and access controls through privileged access management, and monitor for anomalous behavior

The Bottom Line

As the first successful self-propagating attack in the npm ecosystem, this appears to be one of the most severe JavaScript supply-chain attacks observed to date. These attacks are not anomalies and will continue as long as the attack vector remains viable.

The Shai-Hulud worm represents a significant evolution in supply chain threats - moving from manual, targeted attacks to automated, self-replicating malware that can spread exponentially across the software ecosystem. While most regular users face minimal direct risk, the implications for the software development community and the broader tech ecosystem are profound.

This incident highlights the fragility of our software supply chain and represents another escalation in the arms race between attackers and defenders. Organizations that rely on modern web technologies need to fundamentally rethink their approach to dependency management and credential security.

The key lesson is clear: every dependency is executable code with production privileges the moment it hits your pipeline. In an interconnected software ecosystem, a single compromised package can become a gateway to widespread organizational compromise and with worm-like capabilities, that compromise can spread faster than ever before.

Research Sources: Palo Alto Networks Unit 42, ReversingLabs, Wiz Research, The Hacker News, SecurityWeek, Arctic Wolf, Sonatype, OX Security, JFrog
Last Updated: September 18, 2025

Thank you Readers!  If you like this newsletter please forward it to your friends and colleagues.  See you next week for our weekly edition of Prevent This and in two weeks for the next Intruvent Edge.