Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

Cyber-crime

Popular JavaScript modules including size-sensor and echarts-for-react hit as hijacked account closed GitHub warnings

Updated: An npm account compromise infected 314 npm packages with malware, including size-sensor, echarts-for-react, timeago.js,
and packages scoped to @antv, in a 22-minute burst of activity in the early hours of Tuesday morning.

The most popular impacted package is size-sensor, downloaded
4.2 million times per month, followed by echarts-for-react (3.8 million), @antv/scale
(2.2 million) and timeago.js (1.15 million).

The compromised account, i@hust.cc, belongs to a developer based in
Hangzhou, China. Security researcher Nicholas Carlini reported the malware on GitHub, and the the hust.cc account closed the issues and marked them as “fixed” within an hour. This means the malware report on this
and other repositories is hidden unless a developer looks for closed issues. 

Some malicious package versions have been deprecated on npm with the message “this
version was published in error, please use the latest version instead,”
while others have been removed.

Security biz SafeDep reported
on the malware and analyzed the payload, which uses the same structure as that
used to compromise SAP packages three weeks ago.

The malware reads environment variables and scans files to
find credentials for GitHub, npm, cloud platforms including AWS, Microsoft
Azure, and Google Cloud, Docker, Stripe, and more. The code also
attempts to escape container boundaries. Stolen secrets are exfiltrated to a
new GitHub repository. 

The malware injects settings files into other local
projects on a developer machine, for execution by Claude Code or Codex, and further abuses GitHub as a C2 (command-and-control) backdoor via malicious
repositories and Python code that downloads and executes content from them.

According to SafeDep, “the attacker automated the
entire wave using a stolen token.”

Developers who have installed compromised package versions are advised to rotate all credentials accessible
from the build environment, check for unauthorized GitHub repositories, and
remove malicious systemd services on Linux. Maintainers and package publishers
are at greatest risk as they may find further malicious packages published via
their own credentials.

This attack comes shortly after another Shai-Hulud incident reported yesterday, and more can be expected.

Although
other package repositories such as PyPI and RubyGems have also seen malware published to them, npm remains the biggest target and, for now, appears to be the worst affected. npm, owned by Microsoft subsidiary GitHub, has said little about the current wave.

In September last
year, a post outlining a plan
for a more secure npm supply chain was intended to “address a
surge in package registry attacks,” during what now looks like the early phase of Shai-Hulud, but the actions taken so far have not prevented further incidents. ®

Updated to add on May 20:

The code shack got in touch to say: “GitHub is committed to investigating reported security issues. We are monitoring the situation and disabling malicious npm packages in accordance with GitHub’s Acceptable Use Policies, which prohibit posting content that directly supports unlawful active attack or malware campaigns that are causing technical harms.”

It added: “We have teams dedicated to detecting, analyzing, and removing content and accounts that violate our policies. We employ manual reviews and at-scale detections that use machine learning and constantly evolve to mitigate malicious usage of the platform. We also encourage customers and community members to report abuse and spam.”
The company also referred us to its April post  on best security practice for developers.