Shai-Hulud worm clone activity on NPM
Malware Activity
Summary
Hide ▲
Show ▼
The Shai-Hulud malware activity has continued to evolve across the npm supply chain and related developer ecosystems. It first infected npm packages in September 2025, self-replicated through developer installs, and stole npm tokens, SSH keys, API keys, and other secrets before publishing stolen credentials in public GitHub repositories. In November 2025, the campaign expanded into Maven through org.mvnpm:posthog-node:4.18.1, with the same payload components linked to compromised PostHog releases and more than 28,000 affected repositories. A later May 2026 wave showed clone activity after TeamPCP released the malware source code, including malicious NPM packages that targeted Axios users, reused worm logic, and in one case pulled infected machines into a DDoS botnet.
Related Happenings
GitHub API enumeration campaign targeting corporate organizations
Campaign
H score17
First: 09.07.2026 21:38
Last: 09.07.2026 21:38
Sources 1
About this happening:
A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...
GitHub API enumeration campaign targeting corporate organizations
CampaignAbout this happening: A **GitHub API reconnaissance campaign** is systematically mapping **corporate organizations**, repositories, and user accounts across multiple companies, expanding the risk of fo...
GitHub npm version 12 hardens installs and token management
Security Tool/Service
H score11
First: 09.07.2026 19:49
Last: 09.07.2026 19:49
Sources 1
About this happening:
**GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...
GitHub npm version 12 hardens installs and token management
Security Tool/ServiceAbout this happening: **GitHub** released **npm version 12**, making install-time scripts opt-in by default and tightening **package publishing** controls to reduce **supply-chain risk**. The update al...
GitHub npm GAT publish-token mitigation guidance
Advisory/Mitigation
H score25
First: 09.07.2026 19:49
Last: 09.07.2026 19:49
Sources 1
About this happening:
GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...
GitHub npm GAT publish-token mitigation guidance
Advisory/MitigationAbout this happening: GitHub is steering **npm users** away from **long-lived publish tokens** as **npm GATs** that bypass **2FA** lose direct publishing and sensitive-management abilities. The recomme...
Malicious npm and PyPI payment SDK typosquat packages
Malware Activity
H score40
First: 09.07.2026 18:09
Last: 09.07.2026 18:09
Sources 1
About this happening:
The **17 malicious npm and PyPI packages** targeted **Paysafe, Skrill, and Neteller SDKs** to steal **system information** and **developer secrets**, then send the data to an **Ng...
Malicious npm and PyPI payment SDK typosquat packages
Malware ActivityAbout this happening: The **17 malicious npm and PyPI packages** targeted **Paysafe, Skrill, and Neteller SDKs** to steal **system information** and **developer secrets**, then send the data to an **Ng...
Malicious npm and PyPI Paysafe, Skrill, and Neteller SDK packages delivering stealer malware
Malware Activity
H score37
First: 08.07.2026 22:54
Last: 08.07.2026 22:54
Sources 1
About this happening:
Malicious **npm** and **PyPI** packages impersonating **Paysafe**, **Skrill**, and **Neteller** SDKs delivered **stealer malware** that siphoned secrets from developer environment...
Malicious npm and PyPI Paysafe, Skrill, and Neteller SDK packages delivering stealer malware
Malware ActivityAbout this happening: Malicious **npm** and **PyPI** packages impersonating **Paysafe**, **Skrill**, and **Neteller** SDKs delivered **stealer malware** that siphoned secrets from developer environment...
Timeline
-
18.05.2026 12:45 3 articles · 1mo ago
Shai-Hulud clones and malicious NPM packages surface after source-code release
Initial DisclosureShai-Hulud worm clones surfaced on GitHub only days after TeamPCP released the malware source code, and a threat actor published four malicious NPM packages targeting Axios users and the broader open source package ecosystem. One package, 'chalk-tempalte', was a direct clone of the worm and used its own C&C server and private key, while the others used typosquatting; the code stole credentials, API keys, tokens, and other secrets, republished malicious versions through victim-maintained packages, and in one case pulled infected machines into a DDoS botnet. The four packages had a combined weekly download count of over 2,600.
Show sources
- First Shai-Hulud Worm Clones Emerge — www.securityweek.com — 18.05.2026 12:45
- Shai-Hulud Worm Clones Spread After Code Release — www.darkreading.com — 18.05.2026 22:53
- Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account — thehackernews.com — 19.05.2026 07:54
-
26.11.2025 20:08 2 articles · 7mo ago
Shai-Hulud v2 expands from npm into Maven
Campaign Scope UpdateShai-Hulud v2 expanded from npm into Maven after a mirrored Maven Central artifact, org.mvnpm:posthog-node:4.18.1, was found to embed setup_bun.js and bun_environment.js, the same payload components linked to the wider campaign; the activity was also tied to compromised PostHog releases in both JavaScript/npm and Java/Maven ecosystems and to more than 28,000 affected repositories.
Show sources
- Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets — thehackernews.com — 26.11.2025 20:08
- 5 Threats That Reshaped Web Security This Year [2025] — thehackernews.com — 04.12.2025 13:30
-
23.09.2025 12:20 1 articles · 9mo ago
GitHub hardens npm publishing after Shai-Hulud
Mitigation Patch UpdateGitHub is tightening npm authentication and publishing controls in response to the Shai-Hulud supply-chain worm, deprecating legacy classic tokens and TOTP 2FA, shortening granular publishing tokens to seven days, defaulting publishing to trusted publishing or 2FA-enforced local publishing, removing the option to bypass 2FA, and expanding trusted publishing providers.
Show sources
- GitHub Mandates 2FA and Short-Lived Tokens to Strengthen npm Supply Chain Security — thehackernews.com — 23.09.2025 12:20
-
16.09.2025 17:08 1 articles · 9mo ago
Shai-Hulud worm first compromises NPM packages
Exploitation ObservedShai-Hulud infected NPM packages and began self-replicating through developer installs, stealing npm tokens, SSH keys, API keys, and other secrets before publishing stolen credentials in public GitHub repositories. The first compromised NPM package was altered around 17:58 UTC on Sept. 14, and CrowdStrike-managed packages were briefly affected before malicious versions were removed.
Show sources
- Self-Replicating Worm Hits 180+ Software Packages — krebsonsecurity.com — 16.09.2025 17:08