Threat Insight
500+ npm Packages Compromised in Ongoing Supply Chain Attack ‘Shai-Hulud’
A malicious update was initially pushed to over 40 npm packages across multiple maintainers, most notably @ctrl/tinycolor, which has 2.2 million weekly downloads[1].

The compromised variants contain a function (NpmModule.updatePackage) that retrieves a package tarball, alters the package.json file, embeds a local script (bundle.js), reassembles the archive, and republishes it, automating the trojanization process for dependent packages.
Upon installation, the bundle.js script automatically executes. It downloads and runs TruffleHog, a legitimate secret scanning tool, to search the host system for tokens and cloud credentials. The script then validates developer and CI credentials, injects a GitHub Actions workflow into repositories, and transmits the findings to a predefined webhook.
The script scans for sensitive environment variables like GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY. It also probes cloud metadata endpoints, which can expose ephemeral credentials within cloud-based build environments.
❗UPDATE Sep 18, 2025❗
Following the original report by Socket[1], the number of malware-infected packages has continued to rise, now exceeding 500. Notably, this includes compromised packages associated with CrowdStrike.
This attack demonstrates a substantial escalation in scale, sophistication, and impact. While the adversaries follow many of the same tactics as the original campaign, they’ve significantly advanced their approach, transforming it into a fully autonomous worm. The malware performs the following actions automatically:
- Harvests secrets and publicly exposes them on GitHub
- Executes TruffleHog and queries cloud metadata endpoints to extract sensitive credentials
- Attempts to inject a GitHub Actions workflow designed to exfiltrate data via webhook[.]site
- Enumerates all accessible GitHub repositories for the compromised user and forcibly makes them public
A standout trait of this attack is its worm-like behavior. Instead of relying on a single infected package, it automatically propagates across all npm packages owned by the compromised maintainer, using the following logic:
- Fetches a target tarball from the npm registry
- Modifies package.json by bumping the patch version and adding a postinstall hook
- Injects its payload (bundle.js) into the archive
- Re-publishes the trojanized package using the maintainer’s credentials
This self-replication cycle turns every published package into a new infection vector, spreading the worm deeper into the ecosystem with each installation.
Affected Products
❗UPDATE Sep 18, 2025❗
The original list of the 40 affected npm packages and versions is given below; for a complete list of all affected packages and versions, see this article by Socket[2].
angulartics2@14.1.2
@ctrl/deluge@7.2.2
@ctrl/golang-template@1.4.3
@ctrl/magnet-link@4.0.4
@ctrl/ngx-codemirror@7.0.2
@ctrl/ngx-csv@6.0.2
@ctrl/ngx-emoji-mart@9.2.2
@ctrl/ngx-rightclick@4.0.2
@ctrl/qbittorrent@9.7.2
@ctrl/react-adsense@2.0.2
@ctrl/shared-torrent@6.3.2
@ctrl/tinycolor@4.1.1, @4.1.2
@ctrl/torrent-file@4.1.2
@ctrl/transmission@7.3.1
@ctrl/ts-base32@4.0.2
encounter-playground@0.0.5
json-rules-engine-simplified@0.2.4, 0.2.1
koa2-swagger-ui@5.11.2, 5.11.1
@nativescript-community/gesturehandler@2.0.35
@nativescript-community/sentry@4.6.43
@nativescript-community/text@1.6.13
@nativescript-community/ui-collectionview@6.0.6
@nativescript-community/ui-drawer@0.1.30
@nativescript-community/ui-image@4.5.6
@nativescript-community/ui-material-bottomsheet@7.2.72
@nativescript-community/ui-material-core@7.2.76
@nativescript-community/ui-material-core-tabs@7.2.76
ngx-color@10.0.2
ngx-toastr@19.0.2
ngx-trend@8.0.1
react-complaint-image@0.0.35
react-jsonschema-form-conditionals@0.3.21
react-jsonschema-form-extras@1.0.4
rxnt-authentication@0.0.6
rxnt-healthchecks-nestjs@1.0.5
rxnt-kue@1.0.7
swc-plugin-component-annotate@1.9.2
ts-gaussian@3.0.6
Exploitation
Truesec has detected exploitation in the SOC.
Exploitation has also been detected out in the wild.
Recommended Actions
- Truesec recommends that you disable “postinstall” scripts to reduce the risk of being exploited by malware similar to this one.
- Uninstall or pin to known-good versions until patched releases are verified.
- Audit environments (CI/CD agents, developer laptops) that installed the affected versions for unauthorized publishes or credential theft.
- Rotate npm tokens and other exposed secrets if these packages were present on machines with publishing credentials.
- Monitor logs for unusual npm publish or package modification events.
Detection
Senior analysts are conducting threat hunting for all Truesec SOC customers for the malware as a potential sign of active exploitation.
Affected customers will be notified.
❗UPDATE Sep 18, 2025❗
Indicators of Compromise:
bundle.js SHA-256:
de0e25a3e6c1e1e5998b306b7141b3dc4c0088da9d7bb47c1c00c91e6e4f85d6
81d2a004a1bca6ef87a1caf7d0e0b355ad1764238e40ff6d1b1cb77ad4f595c3
83a650ce44b2a9854802a7fb4c202877815274c129af49e6c2d1d5d5d55c501e
4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db
dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c
46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09
b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777
Exfiltration endpoint: hxxps://webhook[.]site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7
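The behaviours described earlier (a postinstall hook that runs bundle.js, and a GitHub Actions workflow that exfiltrates to webhook[.]site) together with the hashes above can be turned into a local triage scan. The following is an added example, not Truesec's or Socket's tooling: it walks node_modules for package manifests whose postinstall references bundle.js, hashes any bundle.js against the IoC list, and searches .github/workflows for the exfiltration host. The exact hook string and the workflow location are assumptions; the sample tree the block builds is constructed, with a placeholder bundle.js rather than the real payload.

```python
"""Scan a checkout for the install-hook and workflow artefacts described above.

Added example for this advisory, not Truesec's or Socket's tooling. Assumptions:
installed packages live under node_modules/<name>/package.json, the malicious
postinstall hook references bundle.js by name, and an injected workflow sits in
.github/workflows and mentions the exfiltration host webhook.site.
"""
import hashlib
import json
import sys
import tempfile
from pathlib import Path

# bundle.js SHA-256 values from the Indicators of Compromise list above.
KNOWN_BUNDLE_HASHES = {
    "de0e25a3e6c1e1e5998b306b7141b3dc4c0088da9d7bb47c1c00c91e6e4f85d6",
    "81d2a004a1bca6ef87a1caf7d0e0b355ad1764238e40ff6d1b1cb77ad4f595c3",
    "83a650ce44b2a9854802a7fb4c202877815274c129af49e6c2d1d5d5d55c501e",
    "4b2399646573bb737c4969563303d8ee2e9ddbd1b271f1ca9e35ea78062538db",
    "dc67467a39b70d1cd4c1f7f7a459b35058163592f4a9e8fb4dffcbba98ef210c",
    "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09",
    "b74caeaa75e077c99f7d44f46daaf9796a3be43ecf24f2a1fd381844669da777",
}
EXFIL_HOST = "webhook.site"  # exfiltration endpoint named in the advisory


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def scan_packages(root: Path, known_hashes=KNOWN_BUNDLE_HASHES) -> list[dict]:
    """Flag packages whose postinstall hook references bundle.js and any
    bundle.js whose SHA-256 matches a known indicator."""
    findings = []
    for pkg_json in root.rglob("package.json"):
        if "node_modules" not in pkg_json.parts:
            continue
        try:
            meta = json.loads(pkg_json.read_text(encoding="utf-8"))
        except (ValueError, OSError):
            continue  # unreadable or malformed manifest: skip, not fatal
        label = f"{meta.get('name', pkg_json.parent.name)}@{meta.get('version', '?')}"
        hook = (meta.get("scripts") or {}).get("postinstall", "")
        if "bundle.js" in hook:
            findings.append({"type": "postinstall-bundle", "package": label, "hook": hook})
        bundle = pkg_json.parent / "bundle.js"
        if bundle.is_file() and (digest := sha256_of(bundle)) in known_hashes:
            findings.append({"type": "ioc-hash", "package": label, "sha256": digest})
    return findings


def scan_workflows(root: Path, host: str = EXFIL_HOST) -> list[dict]:
    """Flag workflow files that reference the exfiltration host."""
    findings = []
    workflows = root / ".github" / "workflows"
    if not workflows.is_dir():
        return findings
    for wf in workflows.glob("*.y*ml"):  # .yml and .yaml
        for lineno, line in enumerate(wf.read_text(errors="replace").splitlines(), 1):
            if host in line:
                findings.append({"type": "workflow-exfil", "file": wf.name, "line": lineno})
    return findings


def scan(root: Path, known_hashes=KNOWN_BUNDLE_HASHES) -> list[dict]:
    return scan_packages(root, known_hashes) + scan_workflows(root)


def build_fixture(base=None) -> Path:
    """Constructed sample tree for the example (no real malware): one package
    with a bundle.js postinstall hook, one clean package, and one workflow
    line that contacts webhook.site."""
    base = Path(base) if base else Path(tempfile.mkdtemp())
    hooked = base / "node_modules" / "@ctrl" / "tinycolor"
    hooked.mkdir(parents=True)
    (hooked / "package.json").write_text(json.dumps({
        "name": "@ctrl/tinycolor", "version": "4.1.1",
        "scripts": {"postinstall": "node bundle.js"}}))
    (hooked / "bundle.js").write_text("// placeholder file constructed for the example\n")
    clean = base / "node_modules" / "example-clean-pkg"
    clean.mkdir(parents=True)
    (clean / "package.json").write_text(json.dumps({"name": "example-clean-pkg", "version": "1.0.0"}))
    wf = base / ".github" / "workflows"
    wf.mkdir(parents=True)
    (wf / "ci.yml").write_text("name: ci\non: push\njobs:\n  build:\n    runs-on: ubuntu-latest\n"
                               "    steps:\n      - run: curl -s https://webhook.site/PLACEHOLDER-ID\n")
    return base


if __name__ == "__main__":
    target = Path(sys.argv[1]) if len(sys.argv) > 1 else build_fixture()
    for finding in scan(target):
        print(finding)
```

Point it at a project root (`python scan_tree.py /path/to/checkout`; the script name is an assumption) on CI agents and developer machines that installed the affected versions. A postinstall hit without a hash match is still worth triage, since the worm republishes fresh tarballs and the hash list is a point-in-time snapshot.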
References
[1] https://socket.dev/blog/tinycolor-supply-chain-attack-affects-40-packages
[2] https://socket.dev/blog/ongoing-supply-chain-attack-targets-crowdstrike-npm-packages#:~:text=Compromised%20Packages%20and%20Versions