Mini Shai-Hulud
Coverage of Mini Shai-Hulud in the Nexus archive.
- Miasma Malware Targets npm Packages and GitHub Actions in Supply Chain Attack
Miasma malware, part of the Mini Shai-Hulud, Miasma, and Hades family, has compromised new npm packages like LeoPlatform and RStreams while expanding to the Go ecosystem. The attack also involves malicious GitHub Actions workflow abuse.
- Miasma worms its way onto GitHub as attack kit goes open source
The Miasma worm, a supply-chain attack toolkit, was open-sourced on GitHub via compromised developer accounts, enabling attacks on public registries and repositories. SafeDep identified the malicious repositories, which allow credential-based attacks on platforms like PyPI, npm, and GitHub, following a pattern similar to TeamPCP's earlier mini Shai-Hulud worm. The release has raised concerns about supply-chain security, with 473 affected package artifacts tracked by Socket.
- Shai-Hulud malware worms Red Hat npm package versions downloaded 80K times a week
Security researchers discovered malware in 32 Red Hat npm package releases, which were downloaded 80,000 times weekly. The Mini Shai-Hulud worm, linked to TeamPCP, was embedded via a compromised GitHub account, stealing credentials and enabling supply chain propagation. Red Hat removed the packages, stating they were internal and not used in customer systems.
- Miasma Supply Chain Attack Compromises Red Hat npm Packages with Credential-Stealing Worm
A supply chain attack named Miasma has compromised Red Hat npm packages, using a credential-stealing worm with tactics similar to the Mini Shai-Hulud campaign. The attack includes install-time execution, credential harvesting, and encrypted data exfiltration.
- CrowdStrike, Google shatter Glassworm botnet
CrowdStrike, in collaboration with Google and the Shadowserver Foundation, successfully dismantled the Glassworm botnet, a credential-stealing worm targeting developers through poisoned software packages. The botnet used blockchain-based command-and-control infrastructure and Google Calendar as a backup server, but was neutralized by disrupting all four C2 channels simultaneously.
- Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack
Hackers have compromised dozens of popular open source packages in an ongoing supply chain attack known as Mini Shai-Hulud, affecting several open source projects and their users. The campaign has already impacted various developers and companies that rely on these projects. This attack highlights the vulnerability of open source software to supply chain attacks.
- Mini Shai-Hulud returns, compromising hundreds of npm packages
A self-replicating malware campaign known as Mini Shai-Hulud has resurfaced, embedding itself across hundreds of npm packages and compromising developer environments. The threat actor behind it, TeamPCP, has been linked to earlier waves of the same campaign. The malware can spread autonomously and install persistent backdoors at the operating system level.
- Mini Shai-Hulud Strikes Again: 314 npm Packages Compromised
Mini Shai-Hulud has compromised 314 npm packages, marking a significant security incident in the technology sector. The attack highlights vulnerabilities in the npm ecosystem and potential risks for developers relying on these packages. Further analysis is required to determine the full extent of the compromise.
- Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
Cybersecurity researchers discovered a software supply chain attack campaign compromising npm packages associated with the @antv ecosystem, affecting packages tied to the npm maintainer account atool, including echarts-for-react. The attack is part of the ongoing Mini Shai-Hulud attack wave, impacting roughly 1.1 million weekly users. This campaign compromises various npm packages.
- TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates
OpenAI experienced a supply chain attack via TanStack, impacting two employee devices, but no user data or production systems were compromised. The company quickly contained and investigated the malicious activity. No intellectual property was modified.
- The never-ending supply chain attacks worm into SAP npm packages, other dev tools
A new wave of supply chain attacks has targeted SAP and Intercom npm packages, as well as the lightning PyPI package, spreading credential-stealing malware named Mini Shai-Hulud. The attacks highlight ongoing vulnerabilities in developer tools and package repositories.
- TeamPCP Hits SAP Packages With 'Mini Shai-Hulud' Attack
Several npm packages for SAP's cloud application development ecosystem have been compromised by TeamPCP's 'Mini Shai-Hulud' supply chain attack, expanding the group's cyberattack activities.
- SAP npm Packages Compromised by “Mini Shai-Hulud” Credential-Stealing Malware
Cybersecurity researchers have identified a supply chain attack campaign targeting SAP-related npm packages with the 'Mini Shai-Hulud' credential-stealing malware. Multiple security firms, including Aikido Security, SafeDep, Socket, StepSecurity, and Wiz, reported the compromise affecting SAP's JavaScript and cloud application packages.