DSA-2025-1124

ADVISORY - docker

Summary

Active supply chain attack in npm dubbed "Shai-Hulud 2.0" or "SHA1-HULUD". Compromised maintainer accounts were used to publish trojanized versions of legitimate npm packages between November 21-23, 2025.

Unlike the earlier Shai-Hulud variant, this campaign executes malicious code during the preinstall phase (rather than postinstall), significantly increasing exposure in build and runtime environments. The malware executes via new payload files setup_bun.js and bun_environment.js.

The attack exfiltrates developer and CI/CD secrets to GitHub repositories with descriptions referencing "Shai-Hulud: The Second Coming". Over 25,000 affected repositories were created across ~350 unique GitHub users, with 1,000 new repositories added every 30 minutes during initial hours.

The malware creates multiple malicious GitHub workflows: (1) a backdoor workflow that registers infected machines as self-hosted runners named 'SHA1HULUD', paired with a discussion.yaml workflow containing injection flaws that allow arbitrary command execution on those runners; (2) a formatter_123456789.yml workflow that exfiltrates all GitHub secrets as artifacts.

The malware targets AWS, Azure, and GCP credentials from local config files, environment variables, and cloud metadata services. It also attempts Docker privilege escalation via container breakout to gain root access. Exfiltrated data includes cloud.json, contents.json, environment.json, truffleSecrets.json, and actionsSecrets.json.

This campaign affects multiple popular packages from Zapier, ENS Domains, PostHog, Postman, AsyncAPI, and other ecosystems. The blast radius is extensive given the widespread use of many affected packages.

Recommended actions:

1. Remove compromised package versions.
2. Clear the npm cache.
3. Reinstall from clean lockfiles.
4. Rotate all credentials (npm tokens, GitHub PATs, SSH keys, cloud provider credentials).
5. Audit for unauthorized GitHub workflows and repositories with "Shai-Hulud" references.
6. Harden CI/CD pipelines by restricting lifecycle scripts.
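As an added defender-side example (not part of the Docker advisory or any project it names), the following POSIX shell script covers steps 5 and 6 of the list above: it scans a checkout for the payload file names, workflow file names, runner name and repository description string that the advisory lists, and checks whether an .npmrc disables lifecycle scripts (the preinstall hook is where this campaign runs). The function names and the directory layout it is pointed at are assumptions; the indicator strings themselves come from the advisory.

```shell
#!/bin/sh
# Added example: scan a checkout for Shai-Hulud 2.0 indicators named in the
# advisory and verify that npm lifecycle scripts are disabled.
# Function names and paths are assumptions; indicator strings are from the advisory.

# scan_for_indicators DIR
# Prints one matching path per line. Returns 1 if anything matched, 0 if clean.
scan_for_indicators() {
    dir="$1"

    # 1. Payload files the trojanized packages drop (per advisory).
    payloads=$(find "$dir" -type f \
        \( -name setup_bun.js -o -name bun_environment.js \) 2>/dev/null)

    # 2. Workflow files the malware writes into .github/workflows (per advisory).
    workflows=$(find "$dir" -path '*/.github/workflows/*' -type f \
        \( -name discussion.yaml -o -name formatter_123456789.yml \) 2>/dev/null)

    # 3. Self-hosted runner name and repository description string (per advisory).
    strings=$(grep -rl -e 'SHA1HULUD' -e 'Shai-Hulud: The Second Coming' "$dir" 2>/dev/null)

    # Merge the three lists and drop empty lines.
    hits=$(printf '%s\n%s\n%s\n' "$payloads" "$workflows" "$strings" | sed '/^$/d')

    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# check_ignore_scripts NPMRC
# Returns 0 if the given .npmrc disables lifecycle scripts (preinstall, postinstall, ...),
# 1 otherwise. Lines starting with '#' or ';' are npm config comments and are ignored.
check_ignore_scripts() {
    npmrc="$1"
    [ -f "$npmrc" ] || return 1
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*;' "$npmrc" \
        | grep -q -E '^[[:space:]]*ignore-scripts[[:space:]]*=[[:space:]]*true[[:space:]]*$'
}

# Stand-alone use: ./scan.sh /path/to/checkout
# Exits non-zero if indicators are present or lifecycle scripts are still enabled.
if [ "$#" -gt 0 ]; then
    target="$1"
    status=0
    if ! scan_for_indicators "$target"; then
        echo "Shai-Hulud indicators found under $target"
        status=1
    fi
    if ! check_ignore_scripts "$target/.npmrc"; then
        echo "$target/.npmrc does not set ignore-scripts=true; lifecycle scripts will run on install"
        status=1
    fi
    exit "$status"
fi
```

A project-level `.npmrc` containing `ignore-scripts=true` stops npm from running preinstall/postinstall hooks for every dependency, which is the blunt but effective form of step 6; packages that genuinely need a build step then have to be handled explicitly. The filename scan only catches the names this advisory documents, so treat a clean result as "no known indicators", not as proof of a clean tree.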
