The Shai-Hulud 2.0 worm exploited the NPM ecosystem to leak information and infect packages, leading to a $8.5 million theft from Trust Wallet. This industry-wide supply chain attack affected multiple sectors, highlighting the need for better security measures. #ShaiHulud #TrustWallet #NPM #SupplyChainAttack
Keypoints
- The Shai-Hulud worm targeted the NPM registry, causing widespread data leaks and infections.
- Trust Wallet suffered an $8.5 million heist due to a supply chain attack involving malicious Chrome extensions.
- Hackers exploited leaked GitHub secrets and API keys to distribute malicious versions of extensions.
- The malware evolved into Shai-Hulud 3.0, with enhanced capabilities to exfiltrate credentials and secrets.
- Users are advised to update affected software and rotate credentials to mitigate ongoing threats.
Read More: https://www.securityweek.com/shai-hulud-supply-chain-attack-led-to-8-5-million-trust-wallet-heist/