Shai-Hulud Worm Hits 500 npm Packages — 26,000 Repositories Affected

Security researchers have identified a new wave of supply-chain attacks linked to a self-replicating worm, Shai-Hulud, which has infected nearly 500 npm packages and exposed over 26,000 open-source repositories on GitHub. The malware, discovered by Charlie Eriksen of Aikido Security, was uploaded over a three-day period and is rapidly propagating using stolen npm tokens. Major packages like Zapier, ENS Domains, PostHog, and Postman were compromised, allowing attackers to populate GitHub repositories with stolen data. Researchers warn of potential downstream exploitation due to the public exposure of credentials.

Latest mentioned: 11-24

Earliest mentioned: 11-24

Sources

wiz.io gbhackers.com thehackernews.com securityboulevard.com tenable.com bleepingcomputer.com theregister.com hackread.com thecyberexpress.com cyberscoop.com

Also Read

Sturnus: New Android Banking Trojan Targets WhatsApp, Telegram, Signal

The Android trojan Sturnus targets secure messaging apps like WhatsApp, Telegram, and Signal. It can steal banking credentials, remotely control devices, and bypass encrypted messaging by capturing on-screen content. The malware is still under development but is already targeting financial institutions in certain regions, indicating preparation for a broader campaign. Sturnus uses HTML overlays and accessibility-based keylogging to steal data and monitor user actions in real-time. It also employs screen mirroring and a fallback system for screen capture, ensuring full remote control of infected devices. The malware's sophisticated tactics include device administrator abuse and comprehensive environmental monitoring, making it a significant threat to financial security and privacy.

11-21Read more →