Shai-Hulud
Shai-Hulud is a self-propagating software supply chain threat actor/campaign focused primarily on the npm ecosystem and adjacent GitHub infrastructure. Reporting covers multiple iterations and related branding, including Shai-Hulud, Shai-Hulud 2.0, Sha1-Hulud, Mini Shai-Hulud, and “Shai-Hulud: The Third Coming,” and some reporting also links activity to TeamPCP or describes TeamPCP as an overlapping or related campaign. Shai-Hulud is not described in the reporting as a confirmed nation-state actor.

Across the reporting, Shai-Hulud compromised npm maintainer accounts and publishing workflows, including npm Trusted Publishing/OIDC paths, to publish trojanized package versions. The malware commonly used preinstall or postinstall hooks to execute loaders that fetched or invoked Bun, Node.js, or Rust-based payloads. Observed behavior included harvesting GitHub Personal Access Tokens via gh auth token and stealing npm tokens, SSH keys, cloud credentials, API keys, Kubernetes and Vault secrets, and other developer and CI/CD secrets from local files, environment variables, metadata services, and in some cases GitHub Actions runner memory. Several reports note use of TruffleHog for secret reconnaissance.

Propagation was worm-like: stolen GitHub and npm credentials were reused to compromise additional repositories and packages owned by victims, leading to large-scale spread. The original September 2025 Shai-Hulud outbreak compromised more than 500 npm packages, with one source noting more than 180 packages in under 24 hours, while later reporting on Shai-Hulud 2.0 describes more than 700 npm packages and over 25,000 GitHub repositories affected.

Exfiltration and command-and-control repeatedly leveraged trusted GitHub infrastructure, including attacker-created public or private repositories, GitHub APIs, commit-search dead-drop resolvers, and persistent self-hosted GitHub Actions runners registered to compromised repositories. One report states Shai-Hulud used self-hosted runners as a covert C2 channel through github.com.

Later variants and related compromises affected packages such as Bitwarden CLI, SAP-related npm packages, and intercom-client, with shared traits including Bun-based loaders, obfuscated JavaScript payloads, GitHub-based exfiltration, repository poisoning, commit identity spoofing, and ideological branding such as Dune-themed repository names and a “Butlerian Jihad” manifesto. Mini Shai-Hulud is described as branding used in a campaign that appeared on more than 1,197 victim accounts. Shai-Hulud 2.0 is described as using malicious preinstall scripts, setup_bun.js and bun_environment.js, and registering infected machines as self-hosted GitHub Actions runners named SHA1HULUD.

Targets were developers, open-source maintainers, CI/CD environments, GitHub repositories, and downstream users of compromised npm packages. Reported impacts included theft of developer credentials, cloud access, CI/CD secrets, persistence in repositories and workflows, and downstream compromise of software consumers. The November 2025 Shai-Hulud 2.0 outbreak was likely responsible for the compromise of Trust Wallet’s Chrome extension and theft of approximately $8.5 million in assets.
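The install-hook pattern above (preinstall/postinstall scripts starting a Bun-based loader, with setup_bun.js and bun_environment.js named for Shai-Hulud 2.0) is something a defender can audit for locally. The following is an added example written for this profile, not code from any vendor or from the reporting: it flags packages in a node_modules tree whose manifests declare install hooks, and notes when those hooks invoke Bun or reference the reported loader file names. The package name example-pkg and its manifest are constructed for illustration.

```python
import json
from pathlib import Path

# Lifecycle scripts npm runs automatically on install; the Shai-Hulud variants
# described above started their loaders from preinstall/postinstall hooks.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")
# Loader file names reported for Shai-Hulud 2.0 (taken from the profile text).
REPORTED_LOADERS = ("setup_bun.js", "bun_environment.js")
# Constructed manifest mimicking the reported hook pattern (not a real package).
SAMPLE_MANIFEST = {"name": "example-pkg", "version": "0.0.1",
                   "scripts": {"preinstall": "node setup_bun.js"}}

def assess_manifest(manifest: dict) -> list[str]:
    """Return reasons a package.json looks risky; an empty list means none found."""
    reasons = []
    scripts = manifest.get("scripts") if isinstance(manifest.get("scripts"), dict) else {}
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str) or not cmd.strip():
            continue
        reasons.append(f"{hook} hook runs: {cmd}")
        tokens = cmd.replace("&&", " ").replace(";", " ").split()
        if any(Path(t).name == "bun" for t in tokens):
            reasons.append(f"{hook} hook invokes Bun, matching the reported loader pattern")
        for name in REPORTED_LOADERS:
            if name in cmd:
                reasons.append(f"{hook} hook references reported loader file {name}")
    return reasons

def audit_tree(root: str) -> dict[str, list[str]]:
    """Walk an installed node_modules tree and collect findings per package."""
    findings = {}
    for manifest_path in Path(root).rglob("package.json"):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        if not isinstance(manifest, dict):
            continue
        reasons = assess_manifest(manifest)
        # A loader file sitting beside the manifest is worth noting on its own.
        reasons += [f"loader file {n} present" for n in REPORTED_LOADERS
                    if (manifest_path.parent / n).exists()]
        if reasons:
            findings[manifest.get("name") or str(manifest_path)] = reasons
    return findings

if __name__ == "__main__":
    for reason in assess_manifest(SAMPLE_MANIFEST):
        print(reason)
```

Running audit_tree against a project's node_modules before a CI job installs dependencies gives a review list; installing with scripts disabled (npm install --ignore-scripts) stops such hooks from executing at all.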
Targeting
Who they target
Sectors the actor has been observed targeting.
- Software & Services
Tradecraft
45 distinct MITRE ATT&CK techniques observed across reporting, grouped by tactic.
Recent activity
20 sources tracked across advisories, community write-ups, and news.
- Referenced as a related npm supply-chain worm campaign using trusted automation identities and npm Trusted Publishing OIDC-based self-propagation in CI/CD environments.
- Referenced as one of several threat actor groups or campaigns targeting GitHub.
- Self-replicating supply chain activity that used credentials stolen from NX victims to compromise hundreds of npm packages.
- Supply chain campaign abusing compromised GitHub repositories and tokens, reusing workflow-scoped tokens across victims, registering persistent self-hosted runners for persistence/C2, and creating public repositories as exfiltration buckets.