A recent cyber attack dubbed Mini Shai-Hulud has compromised over 320 NPM packages, along with GitHub Actions and a Visual Studio Code extension, according to security researchers. This incident highlights the vulnerability of software supply chains.
NPM Maintainer Account Breach
The attack was traced back to the compromise of the NPM maintainer account ‘atool’, which managed several packages under the @antv namespace, including the widely used timeago.js with 1.5 million weekly downloads. The compromised account was used to release malicious versions of these packages.
The breach also reached popular packages like echarts-for-react, affecting a broader spectrum of applications and continuous integration environments. On Tuesday, Microsoft issued a warning about the potential widespread impact.
Widespread Impact and Propagation
Security firm Socket reported approximately 639 malicious versions spanning the data visualization, graphing, mapping, charting, and React component ecosystems. The larger campaign involved 1,055 versions across 502 unique packages, primarily affecting NPM but also reaching PyPI and Composer.
The attack primarily targeted packages within the @antv namespace, deploying an install-time payload that initiated a multi-stage infection chain. This process involved fetching additional payloads from GitHub-hosted infrastructure, which were designed to steal credentials and ensure persistence.
Data Exfiltration and Remote Execution
The malicious code was engineered to extract sensitive data from GitHub Actions runner memory, targeting CI/CD secrets, and credentials from over 130 file paths, including cloud services and developer tools. Data exfiltration was conducted via GitHub repositories and fallback servers, linking the attack to the notorious TeamPCP group.
New to this campaign was the malware’s ability to execute Python code from attackers’ infrastructure, granting remote control over compromised systems. This capability was observed by Wiz, indicating an evolution in the attack’s complexity.
StepSecurity noted the deployment of persistent backdoors into Claude Code, and identified over 2,200 GitHub repositories containing exfiltrated data. Additionally, Microsoft’s Durabletask Python SDK was compromised, with three malicious versions uploaded to PyPI within a short timeframe.
The campaign also compromised the popular GitHub Action actions-cool/issues-helper, emphasizing the need for heightened security measures across software ecosystems.
As cyber threats continue to evolve, organizations must prioritize securing their supply chains to prevent similar incidents in the future.
