On September 16, 2025, security researchers confirmed another widespread supply chain attack targeting the Node Package Manager (NPM) ecosystem. It began with the compromise of the popular @ctrl/tinycolor package and rapidly expanded to affect over 187 packages, including those maintained by CrowdStrike, NativeScript, and others.
The malicious payload downloaded TruffleHog, a legitimate secret-scanning tool, and ran it against the host filesystem, while separately harvesting credentials from environment variables and from cloud instance metadata endpoints. With a stolen GitHub token it created unauthorized repositories named “Shai-Hulud” to receive the harvested data and committed a shai-hulud-workflow.yml GitHub Actions workflow into reachable repositories so that exfiltration would repeat on subsequent CI runs.
Using valid NPM tokens, the payload enumerated, via the registry API, the other packages those tokens were allowed to publish, injected itself into them, and republished them. GitHub personal access tokens enabled lateral movement across repositories. AWS and Google Cloud SDKs were loaded to read from secrets managers and to escalate privileges where the harvested credentials allowed it.
Analyst insight
This attack builds on other recent incidents targeting developer identity through phishing and credential theft.
Unlike earlier incidents, Shai-Hulud does not stop at a single maintainer’s packages: it behaves as a worm, automating lateral movement across compromised accounts and using each batch of harvested credentials to infect further packages and GitHub repositories.
In addition, the use of a legitimate tool such as TruffleHog to find secrets, and the deployment of GitHub Actions workflows to automate propagation and persistence, both widen the blast radius of a single compromised maintainer and shorten the time needed to compromise multiple ecosystems.
Finally, the move from the cryptocurrency wallet theft seen in the earlier attacks to cloud infrastructure access shows the threat actor shifting focus towards CI/CD pipelines and cloud-native environments, with a likely next step into enterprise environments.
Security teams are advised to remove affected packages, audit dependencies (including transitive ones in lockfiles), and pin to versions published before September 15, 2025. Clear the local npm cache before reinstalling, since cached tarballs of a compromised version will otherwise be reinstalled. Inspect GitHub organizations for unauthorized repositories named “Shai-Hulud”, for repositories or branches carrying a “-migration” suffix, and for workflow files named shai-hulud-workflow.yml.
We also recommend reviewing audit logs for anomalous API activity (unexpected package publishes, repository creation, or visibility changes) and monitoring CI/CD workflows for suspicious behavior. Treat every credential present on any machine or runner that installed an affected version as exposed: revoke and regenerate GitHub tokens, NPM tokens, SSH keys, and cloud access keys, and prefer short-lived or OIDC-based credentials where the platform supports them.
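The audit step above can be scripted. The following is an added example, not code from the advisory or from any of the affected projects: it walks an npm lockfile, looks up each installed version’s publish date in registry metadata, flags anything published on or after the cutoff, suggests the newest pre-cutoff version as a rollback target, and checks a list of workflow file names for the worm’s known dropper. The lockfile, the registry documents and the package names (@acme/colors, left-pad-ish, orphan-lib) are all constructed inline so the script runs offline; in real use the registry documents would come from https://registry.npmjs.org/<name>, whose "time" field maps each version to its publish timestamp.

```javascript
// Added example (not from the original advisory). Audits an npm lockfile for
// versions published on or after a cutoff date and flags the worm's workflow
// file name. All package names and registry data below are constructed.

const CUTOFF = new Date('2025-09-15T00:00:00Z');

// Workflow file name the worm drops into .github/workflows/, per the advisory.
const MALICIOUS_WORKFLOW = 'shai-hulud-workflow.yml';

// Extract {name, version} pairs from a v2/v3 package-lock.json "packages" map.
// Keys look like "node_modules/@scope/name" or "node_modules/a/node_modules/b",
// so the package name is whatever follows the last "node_modules/".
function installedPackages(lockfile) {
  const out = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    if (path === '') continue; // the root project itself
    const idx = path.lastIndexOf('node_modules/');
    const name = path.slice(idx + 'node_modules/'.length);
    if (entry.version) out.push({ name, version: entry.version });
  }
  return out;
}

// Flag every installed version the registry says was published at or after the
// cutoff. Packages with no metadata are reported as "unknown" rather than
// silently passed, because a missing document is itself worth a look.
function auditLockfile(lockfile, registryDocs, cutoff = CUTOFF) {
  const findings = [];
  for (const { name, version } of installedPackages(lockfile)) {
    const doc = registryDocs[name];
    if (!doc || !doc.time) {
      findings.push({ name, version, status: 'unknown', reason: 'no registry metadata' });
      continue;
    }
    const published = doc.time[version];
    if (!published) {
      findings.push({ name, version, status: 'unknown', reason: 'version not in registry' });
      continue;
    }
    if (new Date(published) >= cutoff) {
      // Newest version published before the cutoff is the rollback candidate.
      // "created" and "modified" are bookkeeping keys in the real registry doc.
      const rollbackTo = Object.entries(doc.time)
        .filter(([v, t]) => v !== 'created' && v !== 'modified' && new Date(t) < cutoff)
        .sort((a, b) => new Date(b[1]) - new Date(a[1]))
        .map(([v]) => v)[0] || null;
      findings.push({ name, version, status: 'suspect', publishedAt: published, rollbackTo });
    }
  }
  return findings;
}

// Return the workflow paths whose file name matches the worm's dropper.
function suspiciousWorkflows(workflowPaths) {
  return workflowPaths.filter((p) => p.endsWith(MALICIOUS_WORKFLOW));
}

// Constructed sample lockfile: one top-level package on a post-cutoff version,
// the same package nested at an older version, and one with no registry doc.
const SAMPLE_LOCKFILE = {
  name: 'example-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/@acme/colors': { version: '4.1.2' },
    'node_modules/left-pad-ish': { version: '1.0.0' },
    'node_modules/left-pad-ish/node_modules/@acme/colors': { version: '4.0.9' },
    'node_modules/orphan-lib': { version: '0.1.0' },
  },
};

// Constructed registry documents in the public registry's "time" shape.
const SAMPLE_REGISTRY = {
  '@acme/colors': {
    time: {
      created: '2024-02-01T00:00:00Z',
      modified: '2025-09-16T03:12:00Z',
      '4.0.9': '2025-08-01T10:00:00Z',
      '4.1.1': '2025-09-10T12:30:00Z',
      '4.1.2': '2025-09-16T03:12:00Z',
    },
  },
  'left-pad-ish': { time: { created: '2024-01-01T00:00:00Z', '1.0.0': '2024-01-01T00:00:00Z' } },
};

const SAMPLE_WORKFLOWS = [
  '.github/workflows/ci.yml',
  '.github/workflows/shai-hulud-workflow.yml',
];

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCKFILE, SAMPLE_REGISTRY), null, 2));
console.log(suspiciousWorkflows(SAMPLE_WORKFLOWS));
```

On the constructed input this reports @acme/colors@4.1.2 as suspect with 4.1.1 as the rollback target, leaves the nested 4.0.9 and left-pad-ish alone, marks orphan-lib as unknown, and lists the one matching workflow path. Publish date is used rather than version number on purpose: a worm that republishes with a bumped patch version is caught by date even when the version string looks routine.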