Threat actors published 639 malicious npm package versions across 323 packages in the Shai-Hulud supply-chain campaign, mainly compromising the @antv ecosystem and using stolen secrets from developer and CI/CD environments. The malware exfiltrates credentials through Session P2P and GitHub, creates rogue repositories under victim accounts, and may appear legitimate by generating valid Sigstore provenance attestations. #ShaiHulud #antv #npm #GitHub #Session
Keypoints
- More than 600 malicious npm packages were published in about one hour.
- The attack heavily targeted the @antv ecosystem and also hit other popular packages.
- The payload steals GitHub, npm, cloud, Kubernetes, Vault, Docker, database, and SSH credentials.
- Stolen data was exfiltrated through Session P2P and sometimes uploaded to GitHub repositories under victim accounts.
- The malware can self-propagate and abuse OIDC tokens to create valid Sigstore provenance attestations.