Shai‑Hulud campaign trojanises hundreds of npm packages and leaks CI/CD secrets to GitHub

Hundreds of trojanised copies of popular Node.js packages have been published to the npm registry in a renewed Shai‑Hulud supply‑chain campaign that aims to steal developer and CI/CD secrets and post them to GitHub.

Charlie Eriksen, a malware researcher at Aikido Security, initially identified more than 100 trojanised packages and later reported the number had risen; researchers at cloud security firm Wiz said the campaign expanded to more than 27,000 malicious packages and identified roughly 350 unique maintainer accounts, with repositories added rapidly in short periods.

The operation reuses a previously observed method: the actor automatically downloaded legitimate packages, modified package.json files to inject malicious scripts, and published trojanised versions using compromised maintainer accounts. Earlier activity attributed to Shai‑Hulud included a self‑propagating payload that used TruffleHog to search for secrets.

A technical analysis by Step Security says the payload is split across two files, one a dropper disguised as a Bun installer and a second, roughly 10MB file that uses heavy obfuscation. The report describes a large hex‑encoded data block, anti‑analysis loops and obfuscated string retrieval routines.

Wiz researchers said the malicious code runs during pre‑install, gathers environment and CI/CD secrets into files named cloud.json, contents.json, environment.json and truffleSecrets.json, and publishes them to automatically generated GitHub repositories with descriptions referencing “Sha1‑Hulud.” Eriksen warned that stolen secrets were being leaked on GitHub; at publishing time searches returned about 27,600 related entries.

Aikido published a list of compromised packages that included multiple versions associated with vendors such as Zapier, ENS Domains, PostHog and others; the affected Zapier packages form the official toolkit for building Zapier integrations and the ENS libraries are widely used by wallets and decentralized applications. The trojanised packages remain available on npm in many cases, sometimes accompanied by platform warnings, and developers have been advised to consult Aikido’s list, downgrade to safe versions and rotate secrets and CI/CD tokens.

Wiz and other researchers recommended organisations identify and replace compromised packages and rotate credentials tied to npm, GitHub and cloud providers. GitHub has been removing attacker repositories as they appear, but researchers said the actor is creating new repositories quickly and may have access to some GitHub accounts used to host the leaked files.