ReversingLabs discovered the Shai-Hulud self-replicating worm in the npm registry. It hijacks maintainer accounts, plants malicious post-install scripts, and trojanizes packages to steal tokens, keys, and other secrets while propagating across the ecosystem. Hundreds of packages (including @ctrl/tinycolor, ngx-bootstrap, and ng2-file-upload) and over 500 versions were compromised, with exfiltration to attacker-controlled webhooks and GitHub repositories named Shai-Hulud. #Shai-Hulud #@ctrl/tinycolor
Keypoints
- Shai-Hulud is a self-replicating worm discovered in the npm registry that spreads by hijacking maintainer accounts and publishing infected package versions.
- More than 200 npm packages and over 500 compromised versions were identified between September 14–18, 2025, including widely used packages like ngx-bootstrap, ng2-file-upload, and @ctrl/tinycolor.
- The worm uses a malicious post-install script that runs TruffleHog to harvest tokens, API keys, environment variables, and cloud credentials, then exfiltrates data to attacker-controlled webhooks and GitHub repos named Shai-Hulud.
- In addition to credential theft, Shai-Hulud publishes infected versions of victim-owned packages, injects malicious GitHub workflows, and can convert private repositories to public access to accelerate propagation.
- Build environments and CI/CD systems are at particular risk from leaked credentials and injected workflows; end-user applications are less directly affected but may be exposed indirectly.
- Recommended mitigations include revoking exposed tokens (npm, GitHub PATs, cloud keys), using private registry proxies and SCA tools, clearing caches and reinstalling clean packages, and enabling MFA across platforms.
- Organizations should treat impacted systems as compromised, update supply chain response playbooks, restrict build environment internet access, and reinforce developer secret-handling and phishing defenses.
MITRE Techniques
- [T1059] Command and Scripting Interpreter – Used via a malicious post-install script that executes TruffleHog and other actions to harvest secrets and perform propagation. Quote: ‘plants a malicious post-install script.’
- [T1059.007] JavaScript – npm runs the post-install hook under Node.js, so the worm's logic (the bundle.js dropped into the package) is JavaScript, not PowerShell; T1086 is a retired ID that was folded into T1059.001 and does not apply here. The script runs tooling such as TruffleHog to extract secrets and then publishes packages with the stolen tokens. Quote: ‘When executed, the script executes several actions: Uses TruffleHog to steal sensitive data…’
- [T1005] Data from Local System – The worm harvests sensitive tokens, API keys, environment variables, and cloud credentials from build environments and repositories; running a secret scanner against local files and environment also maps to [T1552] Unsecured Credentials. Quote: ‘steal sensitive data, such as tokens, API keys, environment variables, and cloud credentials.’
- [T1567.004] Exfiltration Over Webhook / [T1567.001] Exfiltration to Code Repository – Exfiltrated data is sent to threat actor-controlled webhooks and to GitHub repositories named Shai-Hulud, i.e. over public web services rather than a dedicated C2 channel (T1041 fits only when the malware's own C2 link carries the data). Quote: ‘Sends exfiltrated data to threat actor-controlled webhooks and GitHub repositories named Shai-Hulud.’
- [T1195.001] Supply Chain Compromise: Compromise Software Dependencies and Development Tools – The worm publishes infected versions of every package owned by a compromised account, so each victim's downstream consumers become the next hosts; this is how propagation across the npm ecosystem is automated (T1609, Container Administration Command, does not describe it). Quote: ‘Publishes infected versions of all packages owned by the victim.’
- [T1567.001] Exfiltration to Code Repository (nearest fit; ATT&CK has no technique for repository tampering, and T1611 is Escape to Host, not image discovery) – Injects a malicious GitHub Actions workflow, which gives the worm execution and persistence inside the victim's CI, and converts private repositories to public access, exposing their contents and widening the spread. Quote: ‘Injects malicious workflows and converts private repositories to public access.’
- [T1078] Valid Accounts / [T1098] Account Manipulation – Stolen npm and GitHub tokens let the worm act as the maintainer, hijacking the account and publishing unauthorized package versions to propagate (T1531 is Account Access Removal and does not apply). Quote: ‘hijacking maintainer accounts and injecting malicious code into public and private packages.’
Indicators of Compromise
- [File name] Malicious post-install and workflow artifacts – example: bundle.js (run by the package's post-install hook), shai-hulud-workflow.yml (dropped under .github/workflows/)
- [Package names] Compromised npm packages – example: @ctrl/tinycolor (versions 4.1.1, 4.1.2), ngx-bootstrap, ng2-file-upload
- [Repository name] Attacker-controlled GitHub repositories – example: repositories named Shai-Hulud (used for exfiltration)
- [Network endpoint] Exfiltration webhook endpoints – example: webhook[.]site (used to receive stolen data)
- [Other hashes] Malicious package versions and additional artifacts – examples include hundreds of compromised package versions (and 2 more hashes)
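The mitigation keypoints above (treat the build as compromised, clear caches, reinstall clean packages) start with knowing whether a project actually pulled in one of the indicators. The Node.js script below is an added example, not code from the Zscaler write-up or from any vendor tool: it checks a lockfile, a dependency's package.json lifecycle scripts, and the workflow directory listing against the IoCs in this list. The sample inputs are constructed inline so it runs offline; the version given for ngx-bootstrap is a placeholder, since the page names that package without listing versions, and such packages are surfaced for review against a current feed rather than reported as hits.

```javascript
'use strict';
// Added example, not code from the Zscaler write-up or any vendor tool: an
// offline scan of an npm project for the Shai-Hulud indicators listed above.
// Sample inputs are constructed inline; in practice load them with fs.readFileSync.

// package@version pairs the IoC list names explicitly.
const COMPROMISED_VERSIONS = new Map([
  ['@ctrl/tinycolor', new Set(['4.1.1', '4.1.2'])],
]);
// Packages the page names as compromised without listing versions: surface
// them for manual review against a current vendor feed rather than as a hit.
const COMPROMISED_NAMES = new Set(['ngx-bootstrap', 'ng2-file-upload']);
const BAD_WORKFLOW = 'shai-hulud-workflow.yml'; // injected GitHub Actions workflow
const BAD_SCRIPT_FILE = 'bundle.js';            // file run by the post-install hook
const BAD_HOSTS = ['webhook.site'];             // exfiltration endpoint domain

// Lockfile v2/v3: lock.packages is keyed by install path, e.g.
// "node_modules/@ctrl/tinycolor" or "node_modules/a/node_modules/b".
function scanLockfile(lock) {
  const findings = [];
  const marker = 'node_modules/';
  for (const [installPath, meta] of Object.entries(lock.packages || {})) {
    if (installPath === '') continue; // root project entry
    const name = installPath.slice(installPath.lastIndexOf(marker) + marker.length);
    const version = meta.version;
    const bad = COMPROMISED_VERSIONS.get(name);
    if (bad && bad.has(version)) {
      findings.push({ kind: 'compromised-version', name, version });
    } else if (COMPROMISED_NAMES.has(name)) {
      findings.push({ kind: 'review-package', name, version });
    }
  }
  return findings;
}

// The worm's entry point is a lifecycle script; flag any install-phase hook
// that runs bundle.js or references the exfiltration host.
function scanScripts(pkgJson) {
  const findings = [];
  const scripts = pkgJson.scripts || {};
  for (const hook of ['preinstall', 'install', 'postinstall']) {
    const cmd = scripts[hook];
    if (!cmd) continue;
    if (cmd.includes(BAD_SCRIPT_FILE) || BAD_HOSTS.some((h) => cmd.includes(h))) {
      findings.push({ kind: 'suspicious-lifecycle-script', hook, cmd });
    }
  }
  return findings;
}

// Names of files found under .github/workflows/ (fs.readdirSync in practice).
function scanWorkflows(fileNames) {
  return fileNames
    .filter((f) => f.toLowerCase() === BAD_WORKFLOW)
    .map((f) => ({ kind: 'malicious-workflow', file: f }));
}

function runScan(lock, pkgJson, workflowFiles) {
  return [...scanLockfile(lock), ...scanScripts(pkgJson), ...scanWorkflows(workflowFiles)];
}

// Constructed sample project. Only the @ctrl/tinycolor version comes from the
// IoC list; the ngx-bootstrap version is a placeholder, not a real release.
const SAMPLE_LOCK = {
  name: 'demo-app', lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@ctrl/tinycolor': { version: '4.1.2' },
    'node_modules/ngx-bootstrap': { version: '0.0.0-sample' },
    'node_modules/lodash': { version: '4.17.21' },
  },
};
// package.json of the installed dependency, as a trojanized copy would carry it.
const SAMPLE_PACKAGE_JSON = {
  name: '@ctrl/tinycolor', version: '4.1.2',
  scripts: { postinstall: 'node bundle.js' },
};
const SAMPLE_WORKFLOW_FILES = ['ci.yml', 'shai-hulud-workflow.yml'];

if (typeof module !== 'undefined' && require.main === module) {
  for (const f of runScan(SAMPLE_LOCK, SAMPLE_PACKAGE_JSON, SAMPLE_WORKFLOW_FILES)) {
    console.log(JSON.stringify(f));
  }
}
```

A hit of kind compromised-version or malicious-workflow means the host should be handled as the keypoints say: revoke every npm, GitHub and cloud token the build could see, remove node_modules and the npm cache, and reinstall from a known-good lockfile. Running the scan before `npm ci` on a clean checkout, and again over every `node_modules/*/package.json` after install, catches both the lockfile pin and a post-install hook that a proxy may have let through.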
Read more: https://www.zscaler.com/blogs/security-research/mitigating-risks-shai-hulud-npm-worm