Roughly 640 NPM packages have been infected with a new variant of the Shai-Hulud self-replicating worm in a fresh wave of attacks.
The first Shai-Hulud iteration emerged in mid-September, when it infected over 180 packages in a supply chain attack that led to the exposure of GitHub, NPM, AWS, and Google Cloud credentials, Atlassian keys, and Datadog API keys.
Upon execution on a victim's system, the malware would search for NPM tokens, enumerate the packages the victim has access to, inject them with a post-install script to propagate itself, repackage them, and then publish the malicious package versions to the repository.
Within days, the malware compromised dozens of developer accounts and published over 700 malicious package versions. It also harvested credentials and other secrets from the victim and published them to public repositories, and migrated private repositories to public ones.
In the fresh version of the supply chain attack, launched over the weekend, the Shai-Hulud worm is far more aggressive and has been updated with destructive capabilities, security researchers warn.
Unlike the previous version, the new Shai-Hulud samples rely on the NPM packages' preinstall scripts for propagation, which "dramatically widens the blast radius across dev machines and CI/CD pipelines," cybersecurity firm Wiz warns.
The worm drops two files, named 'setup_bun.js' and 'bun_environment.js', which contain a loader and the actual payload, respectively. According to Wiz, it also adds several GitHub Actions workflows, including a backdoor that supports command execution triggered via discussions in the GitHub repository.
JFrog also observed that a system's DNS may be hijacked following infection and that, if the worm does not find GitHub or NPM tokens to abuse, it executes a wiping function to delete all user data on Windows and erase all files and empty directories on Unix-based systems.
The malware also launches privileged Docker containers and modifies sudoers files to gain root access for privilege escalation, Upwind notes.
Wiz and Upwind said on Monday that they identified over 25,000 malicious repositories published by the malware. Wiz warned that it was seeing roughly 1,000 new packages being published every half hour.
As in September, Shai-Hulud seeks to harvest developer secrets, including tokens, cookies, and local workspace files, which it uploads to GitHub repositories under the attackers' control.
As ReversingLabs explains, the data exfiltration repositories associated with the attack have random names and the 'Sha1-Hulud: Second Coming' description. The company has identified 27,000 such repos.
Unlike the previous version, the new Shai-Hulud iteration can infect up to 100 NPM packages maintained by any of its victims. The first trojanized package distributing the worm may have been @asyncapi/specs, which has roughly 1.4 million weekly downloads, ReversingLabs says.
Aikido says it detected 36 packages from AsyncAPI that were trojanized, and that the attack later spread to PostHog packages, Postman packages, and many others.
“Threat actors have slipped malicious code into hundreds of NPM packages — including major ones from Zapier, ENS, AsyncAPI, PostHog, Browserbase, and Postman. If a developer installs one of these bad packages, the malware quietly runs during installation, before anything even finishes installing,” Aikido warns. The compromised packages have a combined monthly download count of over 130 million.
As Upwind points out, what makes the fresh supply chain attack a major threat is the speed and automation in turning each infected maintainer into a point of amplification.
“Stolen tokens are reused instantly to republish malicious packages and inject rogue workflows, transforming Shai Hulud 2.0 into an ecosystem-wide worm rather than an isolated supply-chain incident,” Upwind notes.
According to Sonatype principal security researcher Garrett Calpouzos, another worrying aspect of the attack is how the huge malicious source file that publishes harvested data to public repos confuses AI analysis tools.
“It’s so large that it exceeds a normal context window and the models can’t keep track of everything they’re reading. I’ve asked both ChatGPT and Gemini to analyze it and I get different answers every time. In their reasoning, they’re looking for obvious malware patterns — like calls to suspicious domains — and not finding any, so they incorrectly conclude it’s just a legitimate session or token management library,” Calpouzos said.
Organizations are advised to scan their systems for indicators of compromise (IoCs), rotate potentially compromised secrets (including SSH keys, GitHub and cloud credentials, and tokens), and ensure strong multi-factor authentication is enforced.
They should also review workflows and pipelines for anomalies, recreate self-hosted runners and CI agents from clean images, improve pipeline guardrails, and implement continuous monitoring to detect anomalous behavior.
“To defend against this type of attack, dev and security teams must treat npm package management and CI/CD pipelines as part of the threat surface. This means implementing strict token/scoped access policies, limiting or auditing lifecycle scripts (especially preinstall/postinstall hooks), monitoring secrets in build environments and using behavioral analytics to detect unusual GitHub Actions workflows or outbound connections from build hosts. Given the worm-like nature of Shai-Hulud, time is of the essence: any delay in rotating tokens or cleaning compromised build agents can lead to rapid spread,” SOCRadar CISO Ensar Seker said.
