Worm-Like Malware Spreads Through Trusted Build Systems
A sophisticated supply chain attack has compromised more than 170 npm packages along with two PyPI packages, putting millions of developers and their infrastructure at risk. Security researchers at JFrog identified the campaign, which they named Shai Hulud, after tracing the activity to a threat group tracked as TeamPCP. The infected packages receive over 200 million downloads each week, creating a massive potential blast radius across the software development ecosystem.
The attackers gained entry by exploiting a privileged GitHub release environment, using a workflow pattern that allowed fork-controlled code to run without raising alarms. From this foothold, they poisoned a build cache entry that a later workflow restored during what appeared to be routine build activity. Once inside, the malware extracted GitHub Actions identity tokens from runner memory and exchanged them for npm publishing credentials.
Self-Replicating Credential Theft Operation
The campaign operates like a worm, spreading automatically across connected accounts and services. After harvesting npm tokens and trusted publishing credentials, the malware scans for every package the victim account can publish. It rewrites those packages with malicious code, bumps version numbers, and pushes infected versions to the public registry. The malware can also request an OIDC token for the npm registry and exchange it for a publishing token, all while hiding behind the same trusted workflow identity that legitimate developers use.
The stolen credentials enable access to GitHub repositories, npm publishing rights, AWS cloud environments, and Kubernetes clusters. The malware payloads run silently inside developer machines and CI/CD pipelines, making detection difficult. JFrog researchers noted that the operation shares hallmarks with previous TeamPCP attacks but has evolved into a self-replicating scheme designed to expand with every successful infection. Development teams should audit their npm dependencies and review CI/CD pipeline configurations for unauthorized changes.
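One way to carry out the dependency audit recommended above, as an added example that is not from JFrog or the original article: it checks every entry in a parsed package-lock.json, including nested copies, against a list of affected name/version pairs. The ADVISORY entries and the sample lockfile are constructed placeholders; substitute the package versions from the published advisory.

```javascript
// Added example: audit a parsed npm lockfile against an advisory list.
// ADVISORY is constructed placeholder data, not indicators from the campaign.
const ADVISORY = new Map([
  ["example-left-pad", ["1.4.1"]],
  ["@example-scope/build-utils", ["2.0.3", "2.0.4"]],
]);

// Derive the package name from a lockfile v2/v3 key, e.g.
// "node_modules/a/node_modules/@scope/b" -> "@scope/b".
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? path : path.slice(i + "node_modules/".length);
}

// Yield {name, version, path} for every installed entry in either lockfile layout.
function* installed(lock) {
  if (lock.packages) { // lockfileVersion 2 and 3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "" || meta.link) continue; // skip root project and workspace links
      yield { name: meta.name || nameFromPath(path), version: meta.version, path };
    }
    return;
  }
  const walk = function* (deps, trail) { // lockfileVersion 1: nested trees
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      yield { name, version: meta.version, path };
      yield* walk(meta.dependencies, `${path}/`);
    }
  };
  yield* walk(lock.dependencies, "");
}

// Return every installed entry whose exact version appears in the advisory.
function auditLockfile(lock, advisory = ADVISORY) {
  return [...installed(lock)].filter((p) => (advisory.get(p.name) || []).includes(p.version));
}

// Constructed sample lockfile (v3 layout): one top-level hit, one nested hit.
const SAMPLE_LOCK = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-left-pad": { version: "1.4.1" },
    "node_modules/example-web-framework": { version: "4.0.0" },
    "node_modules/example-web-framework/node_modules/@example-scope/build-utils": { version: "2.0.4" },
    "node_modules/@example-scope/build-utils": { version: "1.9.0" },
  },
};
console.log(auditLockfile(SAMPLE_LOCK).map((h) => `${h.name}@${h.version} at ${h.path}`));
```

To audit a real project, pass the result of JSON.parse on its package-lock.json to auditLockfile; a match on a nested path means the affected version arrived as a transitive dependency.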
Source: Cyber Security News

