Overview of the Shai-Hulud npm Worm Attack
On November 24, 2023, the cybersecurity firm Aikido identified a significant resurgence of the Shai-Hulud self-replicating npm worm, which compromised 492 distinct packages with a combined total of 132 million monthly downloads. This sophisticated cyberattack targeted prominent ecosystems such as AsyncAPI, PostHog, Postman, Zapier, and ENS, strategically exploiting the critical period leading up to npm’s December 9 deadline for the revocation of legacy authentication tokens.
Detection and Initial Intrusion
Aikido’s triage queue flagged the intrusion at approximately 3:16 AM UTC, when malicious versions of AsyncAPI’s go-template and an additional 36 related packages began proliferating across the npm registry. The attacker deliberately branded these compromised repositories with the description “Sha1-Hulud: The Second Coming,” maintaining a theatrical branding strategy reminiscent of the initial campaign launched in September.
Malicious Functionality and Propagation Mechanisms
The worm is engineered to install the Bun runtime during its package installation phase. Subsequently, it executes malicious code designed to probe developer environments for exposed secrets utilizing TruffleHog—a tool specifically tailored for secret detection. The compromised credentials—including API keys, GitHub tokens, and npm credentials—are then disseminated across randomly named public repositories. Notably, this iteration of the worm exhibits a marked increase in its propagation scale, attempting to introduce infected versions into as many as 100 additional packages—an escalation that is fivefold compared to the previous September attack.
Technical Evolution and Destructive Payload
The November variant of the worm introduces several notable modifications that enhance its operational effectiveness and destructiveness:
- The malware now generates repositories with randomly assigned names for the storage of stolen data, as opposed to using static names. This alteration significantly hinders efforts aimed at repository takedown.
- The setup code is executed via setup_bun.js, which installs Bun prior to executing the core payload encapsulated within bun_environment.js. This file contains both the worm’s logic and its credential-exfiltration routines.
- The most alarming addition is a functionality that triggers a complete wipe of all files within the user’s home directory if the malware fails to authenticate with GitHub or npm using pilfered credentials.
Aikido’s forensic analysis indicates that certain execution errors have constrained the attack’s potential spread. Specifically, the bundling code responsible for replicating the full worm into new packages occasionally fails to include bun_environment.js, leaving only the Bun installation script active without its accompanying malicious payload. Nevertheless, despite these limitations, initial breaches have targeted high-value entities with substantial downstream ramifications.
Targeted Packages and Ecosystem Impact
The initial wave of attacks predominantly compromised AsyncAPI packages, with 36 releases affected—including @asyncapi/cli, @asyncapi/parser, and @asyncapi/generator. Following this breach, PostHog was attacked at 4:11 AM UTC, resulting in infected versions of posthog-js, posthog-node, and numerous plugins being disseminated. A subsequent compromise within Postman packages was recorded at 5:09 AM UTC.
The attack also extended to Zapier’s offerings, affecting @zapier/zapier-sdk, zapier-platform-cli, and zapier-platform-core. Concurrently, ENS was compromised with breaches in @ensdomains/ensjs, @ensdomains/ens-contracts, and ethereum-ens.
Repository-Level Access Implications
The AsyncAPI team discovered a malicious branch within their CLI repository that was created just prior to the emergence of compromised packages on npm. This branch contained a deployed variant of the Shai-Hulud malware, indicating that the attacker had attained write access to the repository itself rather than merely hijacking npm tokens. Such an escalation mirrors techniques employed during earlier compromises, notably in the original Nx incident where attackers modified source repositories to inject malicious code into authentic build pipelines.
Aikido estimates that approximately 26,300 GitHub repositories currently harbor stolen credentials characterized by the label “Sha1-Hulud: The Second Coming.” These repositories encompass secrets derived from developer environments that executed compromised packages, including cloud service credentials, CI/CD tokens, and authentication keys pertinent to third-party APIs. The public exposure of these leaks exacerbates potential damage; any adversary monitoring these repositories can harvest credentials in real time and initiate subsequent attacks.
Temporal Context and Mitigation Strategies
The timing of this attack coincides ominously with npm’s announcement on November 15 regarding its impending revocation of classic authentication tokens effective December 9. The attacker’s strategic decision to launch a comprehensive campaign prior to this deadline implies an acute awareness of an impending cessation in opportunities for token-based compromises. Aikido’s timeline indicates that the first wave of Shai-Hulud commenced on September 16; thus, the November 24 “Second Coming” represents a final attempt by attackers to exploit legacy tokens before npm’s migration effectively terminates such access.
Recommendations for Security Teams
Aikido strongly advises security teams to undertake comprehensive audits of all dependencies sourced from impacted ecosystems—most notably those associated with Zapier, ENS, AsyncAPI, PostHog, and Postman—that were installed or updated post-November 24. Essential mitigation actions include:
- Rotating all GitHub, npm, cloud service, and CI/CD secrets utilized within environments where these packages were present.
- Searching GitHub for repositories containing references to “Sha1-Hulud: The Second Coming” to ascertain whether internal credentials have been exposed.
- Disabling npm postinstall scripts within CI pipelines to prevent any future execution at install time.
- Pursuing package version pinning through lock files to minimize exposure risks associated with newly compromised releases.
In conclusion, this latest iteration of the Shai-Hulud worm serves as a stark reminder of the vulnerabilities inherent in software supply chains and underscores the critical importance of proactive security measures within development ecosystems.
