Here's what's happening in the last 72 hours: 700+ Packages Compromised by Shai-Hulud 2.0 Worm (November 25, 2025)

November 25, 2025

1. Executive Summary

  • Shai-Hulud 2.0 npm worm strikes again: Major supply-chain attack compromises 700+ npm packages including Zapier, ENS Domains, PostHog, Postman, and AsyncAPI. Self-replicating malware infected 25,000+ GitHub repositories within 72 hours, exfiltrating developer secrets at scale.

  • Attack sophistication increases: New variant executes during preinstall phase (vs. postinstall previously), spreads to 100 packages per infection (up from 20), and includes destructive wiper capabilities if authentication fails.

  • Massive credential exposure: 775+ GitHub tokens, 373 AWS credentials, 300 GCP credentials, and 115 Azure credentials confirmed compromised and published to public repositories marked "Sha1-Hulud: The Second Coming."

  • Timing exploits npm deadline: Attack launched days before npm's December 9 deadline to revoke legacy classic tokens, targeting environments still using deprecated authentication methods.

2. Latest Confirmed Incidents (Past 24h)

Shai-Hulud 2.0 (Sha1-Hulud) npm Supply-Chain Worm

What happened: Self-replicating npm worm compromised maintainer accounts and published trojanized versions of legitimate packages. Malware executes during preinstall phase, harvests secrets using TruffleHog, exfiltrates to attacker-controlled GitHub repos, then self-replicates by publishing new malicious packages using stolen npm tokens.

Affected ecosystem: npm, GitHub, CI/CD pipelines

Severity and impact:

  • CRITICAL - Active ongoing campaign

  • 700+ npm packages compromised (492 confirmed by Aikido, 2,167 total observed by Sonatype)

  • 25,000+ GitHub repositories created containing exfiltrated secrets

  • 132 million monthly downloads across affected packages

  • Attack velocity: ~1,000 new infected repos every 30 minutes at peak

Compromised packages include:

  • Zapier: @zapier/babel-preset-zapier, @zapier/ai-actions, zapier-platform-cli, zapier-platform-core, zapier-platform-schema

  • ENS Domains: @ensdomains/ensjs, @ensdomains/ens-contracts, @ensdomains/thorin, 50+ ENS packages

  • PostHog: posthog-js, posthog-node, 80+ PostHog packages

  • Postman: @postman/tunnel-agent, @postman/node-keytar, 20+ Postman packages

  • AsyncAPI: @asyncapi/cli, @asyncapi/parser, @asyncapi/specs, 40+ AsyncAPI packages

  • Browserbase: Multiple packages compromised

Known IOCs:

  • Malware files: setup_bun.js (SHA1: d1829b4708126dcc7bea7437c04d1f10eacd4a16), bun_environment.js (SHA1: d60ec97eea19fffb4809bc35b91033b52490ca11, 3d7570d14d34b0ba137d502f042b27b0f37a59fa)

  • GitHub repositories with description: "Sha1-Hulud: The Second Coming"

  • Exfiltrated data files: cloud.json, contents.json, environment.json, truffleSecrets.json, actionsSecrets.json

  • GitHub workflow: .github/workflows/discussion.yaml (backdoor persistence mechanism)

Timeline:

  • Nov 21, 2025: Initial package compromises begin

  • Nov 23, 2025: Trojanized packages published to npm

  • Nov 24, 2025 03:16 UTC: First detected malicious packages (AsyncAPI, go-template)

  • Nov 24, 2025 04:11 UTC: PostHog packages compromised

  • Nov 24, 2025 05:09 UTC: Postman packages compromised

  • Nov 24-25: GitHub actively removing attacker repos; npm removing malicious versions

3. Threat Activity & Techniques

Attacker sophistication evolution:

  • Improved automation: Worm now infects up to 100 packages per compromised environment (previously 20), enabling exponential growth

  • Expanded execution surface: Moved to preinstall lifecycle scripts, executing earlier in dependency chain and affecting more build/runtime environments

  • Cross-victim exfiltration: Secrets stolen from one victim are exfiltrated to GitHub repos owned by an unrelated second victim, complicating attribution

  • Destructive capabilities: New wiper function deletes all files in the user's home directory if GitHub/npm authentication fails

  • Persistence mechanisms:

    • Creates self-hosted GitHub Actions runner named "SHA1HULUD"

    • Deploys a vulnerable discussion workflow that allows remote code execution via GitHub discussions

    • Docker privilege escalation attempts (docker run --privileged)

  • Cloud credential harvesting: Targets AWS, Azure, GCP via bundled cloud SDKs, scrapes local config files, queries IMDS endpoints, dumps secrets from AWS Secrets Manager, Google Secret Manager, Azure Key Vault

  • CI/CD awareness: Detects CI environment variables (BUILDKITE, GITHUB_ACTIONS, CIRCLE_SHA1, etc.) and adapts its behavior: it runs synchronously in CI to keep the runner connection alive, and in the background on developer machines to avoid suspicion

AI evasion: Sonatype reports that both ChatGPT and Gemini incorrectly classified the malicious payloads as safe because the >200,000 lines of obfuscated code exceeded LLM context windows, indicating that adversaries are actively designing payloads to evade AI-based detection.

Attribution note: Possibly a different threat actor than the original September 2025 Shai-Hulud campaign, given differences in payload structure and TTPs, although it reuses the same naming convention.

4. Notable CVEs & Vulnerabilities

No new CVEs are directly associated with this incident. The attack leverages compromised maintainer credentials and social engineering, not technical vulnerabilities in the npm registry or package managers.

Related context: npm announced the deprecation of classic tokens, with forced revocation scheduled for December 9, 2025; this is the likely motivation for the timing of the attack.

5. Defensive Actions

Immediate response (if potentially affected):

  1. Audit npm activity: Review all dependencies updated since November 21, 2025. Check for affected packages via:

    • Wiz IOC list (700+ packages)

    • Sonatype tracking ID: sonatype-2025-007248

    • Generate SBOM and cross-reference

  2. Search for compromise indicators:

    • GitHub repos with "Sha1-Hulud: The Second Coming" or "Sha1-Hulud" in description

    • Presence of files: setup_bun.js, bun_environment.js, cloud.json, truffleSecrets.json

    • Suspicious workflows in .github/workflows/discussion.yaml

    • Self-hosted GitHub Actions runners named "SHA1HULUD"

    • Unauthorized npm package publishes under your org

  3. Credential rotation (mandatory):

    • Revoke and regenerate ALL npm tokens, GitHub PATs, SSH keys

    • Rotate cloud provider credentials (AWS access keys, GCP service accounts, Azure service principals)

    • Rotate CI/CD secrets and tokens

    • Enforce phishing-resistant MFA (FIDO2/WebAuthn) on GitHub and npm accounts

  4. Package remediation:

    • Clear npm cache: npm cache clean --force && rm -rf node_modules

    • Pin dependencies to known-clean versions (pre-Nov 21, 2025)

    • Review package-lock.json for unexpected version changes

    • For affected packages: Check vendor advisories (PostHog, Postman have published incident reports)

Proactive hardening:

  • Restrict lifecycle scripts: Disable or sandbox preinstall, install, postinstall hooks in CI/CD (use --ignore-scripts flag)

  • Network segmentation: Limit outbound network access from build systems to trusted domains only

  • Short-lived tokens: Use scoped, time
