Shai-Hulud Returns with ‘Golden Path’ Malware in Latest NPM Supply Chain Attack

A new, more resilient strain of the Shai-Hulud worm, dubbed “The Golden Path,” has been detected by security researchers, indicating ongoing threats in the npm ecosystem. The malware now features cross-platform propagation and improved exfiltration methods, emphasizing the need for stricter security measures.

Key points

  • The Shai-Hulud worm has evolved and returned after previous destructive campaigns.
  • The new strain, “The Golden Path,” can spread across multiple operating systems effectively.
  • The malware exfiltrates stolen data to GitHub repositories with cryptic descriptions.
  • Enhanced code obfuscation suggests that the attackers have access to the original source code.
  • Organizations are advised to enforce stricter security protocols such as Trusted Publishing and package-lock enforcement.
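
One way to back the package-lock enforcement advice with a CI check, as an added example that is not from the article or from npm: it compares a parsed package.json with a parsed package-lock.json (lockfileVersion 2 or 3) and reports dependencies that are out of sync, unpinned, missing a sha512 integrity hash, or resolved from outside the allowed registry. The function name `auditLockfile`, the `ALLOWED_HOST` policy and the sample data are assumptions constructed for illustration.

```javascript
// Added example: policy check over package.json + package-lock.json (lockfileVersion 2/3).
// ALLOWED_HOST and all sample data below are assumptions constructed for illustration.
const ALLOWED_HOST = "registry.npmjs.org";

function auditLockfile(pkg, lock, allowedHost = ALLOWED_HOST) {
  const findings = [];
  const packages = lock.packages || {};
  const root = packages[""] || {};
  // 1. Every declared dependency must be recorded with the same range and pinned in the lock.
  for (const field of ["dependencies", "devDependencies", "optionalDependencies"]) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if ((root[field] || {})[name] !== range) findings.push({ rule: "out-of-sync", name });
      if (!packages[`node_modules/${name}`]) findings.push({ rule: "unlocked", name });
    }
  }
  // 2. Every locked package must come from the allowed registry with a sha512 integrity hash.
  for (const [path, entry] of Object.entries(packages)) {
    // Skip the root project, workspace links, and bundled deps (covered by the parent tarball).
    if (path === "" || entry.link || entry.inBundle) continue;
    const name = path.split("node_modules/").pop();
    if (!/^sha512-/.test(entry.integrity || "")) findings.push({ rule: "weak-or-missing-integrity", name });
    let host = null;
    try { host = new URL(entry.resolved).host; } catch { /* missing or unparsable URL */ }
    if (host !== allowedHost) findings.push({ rule: "untrusted-source", name });
  }
  return findings;
}

// Constructed sample: "example-cli" was added to package.json without updating the lock,
// and "example-transitive" resolves to a git URL with no integrity hash.
const SAMPLE_PKG = { dependencies: { "example-lib": "^1.2.0", "example-cli": "^2.0.0" } };
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { "example-lib": "^1.2.0" } },
    "node_modules/example-lib": {
      version: "1.2.3",
      resolved: "https://registry.npmjs.org/example-lib/-/example-lib-1.2.3.tgz",
      integrity: "sha512-CONSTRUCTEDPLACEHOLDER==",
    },
    "node_modules/example-transitive": {
      version: "0.0.1",
      resolved: "git+ssh://git@example.com/org/example-transitive.git#0000000",
    },
  },
};

for (const f of auditLockfile(SAMPLE_PKG, SAMPLE_LOCK)) console.log(`${f.rule}: ${f.name}`);
```

`npm ci` already refuses to install when package.json and the lockfile disagree; a check like this adds the source and integrity policy on top, and a non-empty result should fail the build.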

Read More: https://thecyberexpress.com/shai-hulud-golden-path-malwar-npm-supply-chain/