Skip to content
The Nexus
DossierENTITY

Mini Shai-Hulud

Coverage of Mini Shai-Hulud in the Nexus archive.

Earliest in view: Apr 29 · 16:26 UTCMost recent: Jun 26 · 11:05 UTC
Co-mentioned in this coverage
Recent coverage
  • SECURITYJun 26 · 11:05 UTCTHE HACKER NEWS
    Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack

    Miasma malware, part of the Mini Shai-Hulud, Miasma, and Hades family, has compromised new npm packages like LeoPlatform and RStreams while expanding to the Go ecosystem. The attack also involves malicious GitHub Actions workflow abuse.

  • SECURITYJun 9 · 18:05 UTCTHE REGISTER
    Miasma worms its way onto GitHub as attack kit goes open source

    The Miasma worm, a supply-chain attack toolkit, was open-sourced on GitHub via compromised developer accounts, enabling attacks on public registries and repositories. SafeDep identified the malicious repositories, which allow credential-based attacks on platforms like PyPI, npm, and GitHub, following a pattern similar to TeamPCP's earlier mini Shai-Hulud worm. The release has raised concerns about supply-chain security, with 473 affected package artifacts tracked by Socket.

  • SECURITYJun 1 · 21:54 UTCTHE REGISTER
    Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week

    Security researchers discovered malware in 32 Red Hat npm package releases, which were downloaded 80,000 times weekly. The Mini Shai-Hulud worm, linked to TeamPCP, was embedded via a compromised GitHub account, stealing credentials and enabling supply chain propagation. Red Hat removed the packages, stating they were internal and not used in customer systems.

  • SECURITYJun 1 · 17:40 UTCTHE HACKER NEWS
    Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm

    A supply chain attack named Miasma has compromised Red Hat npm packages, using a credential-stealing worm with tactics similar to the Mini Shai-Hulud campaign. The attack includes install-time execution, credential harvesting, and encrypted data exfiltration.

  • SECURITYMay 27 · 17:56 UTCTHE REGISTER
    CrowdStrike, Google shatter Glassworm botnet

    CrowdStrike, in collaboration with Google and the Shadowserver Foundation, successfully dismantled the Glassworm botnet, a credential-stealing worm targeting developers through poisoned software packages. The botnet used blockchain-based command-and-control infrastructure and Google Calendar as a backup server, but was neutralized by disrupting all four C2 channels simultaneously.

  • SECURITYMay 19 · 15:32 UTCTECHCRUNCH
    Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack

    Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack known as Mini Shai-Hulud, affecting several open source projects and their users. The campaign has already impacted various developers and companies that rely on these projects. This attack highlights the vulnerability of open source software to supply chain attacks.

  • SECURITYMay 19 · 15:28 UTCCYBERSCOOP
    Mini Shai-Hulud returns, compromising hundreds of npm packages

    A self-replicating malware campaign known as Mini Shai-Hulud has resurfaced, embedding itself across hundreds of npm packages and compromising developer environments. The threat actor behind it, TeamPCP, has been linked to earlier waves of the same campaign. The malware can spread autonomously and install persistent backdoors at the operating system level.

  • SECURITYMay 19 · 05:04 UTCHACKER NEWS
    Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised

    Mini Shai-Hulud has compromised 314 npm packages, marking a significant security incident in the technology sector. The attack highlights vulnerabilities in the npm ecosystem and potential risks for developers relying on these packages. Further analysis is required to determine the full extent of the compromise.

  • SECURITYMay 19 · 04:54 UTCTHE HACKER NEWS
    Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

    Cybersecurity researchers discovered a software supply chain attack campaign compromising npm packages associated with the @antv ecosystem, affecting packages tied to the npm maintainer account atool, including echarts-for-react. The attack is part of the ongoing Mini Shai-Hulud attack wave, impacting roughly 1.1 million weekly users. This campaign compromises various npm packages.

  • SECURITYMay 15 · 10:54 UTCTHE HACKER NEWS
    TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates

    OpenAI experienced a supply chain attack via TanStack, impacting two employee devices, but no user data or production systems were compromised. The company quickly contained and investigated the malicious activity. No intellectual property was modified.

  • SECURITYApr 30 · 23:21 UTCTHE REGISTER
    The never-ending supply chain attacks worm into SAP npm packages, other dev tools

    A new wave of supply chain attacks has targeted SAP and Intercom npm packages, as well as the lightning PyPI package, spreading credential-stealing malware named Mini Shai-Hulud. The attacks highlight ongoing vulnerabilities in developer tools and package repositories.

  • SECURITYApr 30 · 21:01 UTCDARK READING
    TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack

    Several npm packages for SAP's cloud application development ecosystem have been compromised by TeamPCP's 'Mini Shai-Hulud' supply chain attack, expanding the group's cyberattack activities.

  • SECURITYApr 29 · 16:26 UTCTHE HACKER NEWS
    SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware

    Cybersecurity researchers have identified a supply chain attack campaign targeting SAP-related npm packages with the 'Mini Shai-Hulud' credential-stealing malware. Multiple security firms, including Aikido Security, SafeDep, Socket, StepSecurity, and Wiz, reported the compromise affecting SAP's JavaScript and cloud application packages.

Mini Shai-Hulud · Dossier · The Nexus