Mini Shai-Hulud has resurfaced as a self-replicating worm inside hundreds of npm packages, with TeamPCP using stolen tokens and CI/CD access to spread poisoned releases and persist on infected systems. The malware steals credentials, plants backdoors that survive package removal, and continues monitoring victims through services like kitty-monitor and gh-token-monitor.
#MiniShaiHulud #TeamPCP #npm #AntV #TallyUI #echartsforreact #timeagojs #TanStack #UiPath #MistralAI
Key points
- Mini Shai-Hulud is spreading autonomously across npm packages.
- TeamPCP is linked to the latest and earlier waves of the campaign.
- The malware steals GitHub, npm, SSH, cloud, and database credentials.
- It plants persistent backdoors that remain after package removal.
- Affected packages include AntV, TallyUI, echarts-for-react, and timeago.js.
Read More: https://cyberscoop.com/mini-shai-hulud-malware-npm-packages-compromised-again/