Sha1-Hulud has launched a sophisticated supply-chain attack targeting npm packages used by JavaScript developers, infecting nearly 1,000 packages and exposing tens of thousands of repositories. The latest campaign includes new features like cross-platform support, a self-destruct mechanism, and remote code execution via GitHub Actions, increasing the threat's severity. #Sha1Hulud #npmSupplyChainAttack
Keypoints
- Sha1-Hulud's attack involves trojanized npm packages containing malicious scripts.
- The malware exfiltrates sensitive credentials and uploads them to a publicly accessible GitHub repository.
- The campaign spreads by infecting maintained npm packages and forcing automatic updates in development environments.
- It includes a self-destruct feature that deletes local files irreversibly if the attack is discovered.
- Cybercriminals leverage GitHub Actions to execute malicious code remotely on infected systems.