Cybersecurity experts have identified a new modification of the Shai Hulud malware strain embedded in npm packages, demonstrating increased obfuscation and evasion tactics. Additionally, a malicious Maven package exploiting typosquatting techniques has been taken down, highlighting supply chain security challenges.
Keypoints
- A new strain of Shai Hulud has been detected in the npm package "@vietmoney/react-big-calendar", with increased obfuscation and error handling.
- The malware can weaponize npm tokens to escalate access by replicating malicious changes across popular packages.
- Recent modifications include renamed payload files, better error management, and removal of the "dead man switch" feature.
- A malicious Maven package mimics the legitimate Jackson JSON library and delivers platform-specific Cobalt Strike payloads.
- Security experts suggest improved review processes for high-value namespaces in package repositories to prevent similar attacks.
Read More: https://thehackernews.com/2025/12/researchers-spot-modified-shai-hulud.html