Cybersecurity experts have uncovered a new software supply chain attack, affecting npm packages linked to the @antv ecosystem. This incident is part of the ongoing Mini Shai-Hulud attack series.
Scope of the Attack
The compromised packages are tied to the npm maintainer account ‘atool’. Among them is ‘echarts-for-react’, a popular React wrapper for Apache ECharts with approximately 1.1 million weekly downloads. Affected packages include @antv/g2, @antv/g6, @antv/x6, and others. Additionally, packages outside the @antv namespace, such as ‘timeago.js’ and ‘canvas-nest.js’, have also been impacted.
The attack employs a similar strategy to Mini Shai-Hulud, where a maintainer account is hacked to distribute trojanized versions of software swiftly. This campaign continues to infiltrate open-source registries, embedding credential-stealing code into numerous software tools.
Impact on the Software Ecosystem
The potential impact is considerable due to the popularity of the affected packages in data visualization and React component ecosystems. Even if a fraction of these packages receive malicious updates, the widespread usage could result in significant downstream exposure, affecting organizations that automatically update dependencies.
The attacker has released 639 malicious versions across 323 unique packages, including 558 versions within 279 unique @antv packages. The payload targets over 20 types of credentials, including AWS, Google Cloud, and GitHub, among others. The malware attempts to exfiltrate data to a specific domain, using a GitHub token as a fallback to store data in a public repository under the victim’s account.
Ongoing Threat and Mitigation
The malware includes npm propagation logic, validating stolen tokens through the npm registry API, downloading package tarballs, injecting malicious payloads, and republishing them with higher version numbers. This automated process was executed in a brief 22-minute window, affecting 314 packages.
The Mini Shai-Hulud campaign is believed to be orchestrated by TeamPCP. Recently, the source code was made public for a supply chain attack contest, potentially enabling other threat actors to replicate these attacks. This open-sourcing lowers the barrier for exploiting sophisticated techniques like OIDC token abuse.
The campaign highlights the risk of trusted tools being compromised within enterprise networks, facilitating credential theft and further exploitation. Organizations using GitHub Actions, Docker Hub, and other cloud-connected services are particularly vulnerable.
As the situation evolves, cybersecurity firms emphasize the need for vigilance and enhanced security measures to protect against such widespread threats.
