Shai-Hulud strikes again: massive supply chain attack compromises Zapier, ENS, and hundreds of npm packages
The software supply chain ecosystem faced another severe threat as security researchers at Aikido Security detected a second wave of the notorious Shai-Hulud malware campaign on November 24, 2025. This sophisticated attack compromised 425 npm packages with a combined 132 million monthly downloads, marking one of the most significant supply chain incidents of the year.

The anatomy of a Monday morning nightmare
The discovery unfolded during routine monitoring when Charlie Eriksen, a malware researcher at Aikido Security, noticed a cascade of alerts indicating suspicious package activity. What initially looked like false positives quickly proved to be genuine Shai-Hulud indicators, signaling the return of a threat actor previously thought to be dormant. The timing made the incident particularly damaging: the attack unfolded over just a few hours, spreading rapidly through the npm ecosystem before defensive measures could be fully deployed.
The compromised packages included critical infrastructure from major technology companies and popular open-source projects. Among the victims were packages from Zapier, ENS Domains, AsyncAPI, PostHog, and Postman, representing essential tools used by developers worldwide. The breadth of the compromise demonstrated sophisticated planning and execution that exploited inherent trust relationships within the package management ecosystem.
How the worm spreads through your dependencies
The malware operates through a two-stage deployment mechanism that leverages the natural package installation process as its primary infection vector. Initially, the attack injects a file named setup_bun.js into compromised packages. This staging code acts as the first-stage payload, establishing a foothold within the target environment. The malicious script executes during package installation, a common process that typically goes unscrutinized by developers focused on application development rather than dependency security.
Following successful deployment of the initial staging code, the malware attempts to install the core worm component, bun_environment.js. This second-stage payload contains the primary malicious functionality, including credential harvesting and lateral movement capabilities. However, analysis revealed that the attackers made critical implementation errors. The bundling logic for bun_environment.js contains conditional statements that sometimes fail to execute properly, resulting in incomplete infections where only the staging code gets deployed.
Security researchers noted that these implementation flaws significantly limited the attack’s potential impact. Many compromised packages contained only the initial staging code without the fully functional worm, reducing the immediate threat while still representing a serious security concern. This pattern suggests either rushed development or inadequate testing by the threat actors, though the overall sophistication of the campaign indicates experienced adversaries who may refine their techniques in future iterations.
The secret exfiltration playbook
One of the most alarming aspects of this Shai-Hulud variant involves its approach to stolen data management. The malware systematically harvests environment variables, authentication tokens, API keys, and other sensitive credentials from infected systems. Rather than transmitting this data to traditional command-and-control servers, the attackers employed a brazen technique that leverages GitHub itself as the exfiltration platform.
Compromised credentials get published to newly created GitHub repositories with randomly generated names. Each repository carries a distinctive signature in its description reading “Sha1-Hulud: The Second Coming,” a clear calling card from the attackers. At the time of detection, Aikido Security identified approximately 26,300 repositories containing exfiltrated data, representing an unprecedented scale of credential exposure.
This approach offers several advantages to the attackers. Using GitHub as infrastructure provides excellent availability, blends malicious traffic with legitimate platform usage, and complicates takedown efforts due to the distributed nature of the data. The technique also demonstrates increasing sophistication in supply chain attacks, where adversaries leverage trusted platforms to obscure their activities and extend the lifespan of their campaigns.
Patient zero and the cascade effect
Timeline analysis identified the attack’s initial compromise occurring at 03:16 AM GMT on November 24, 2025. The first affected packages included go-template and 36 packages from the AsyncAPI organization. Within approximately 55 minutes, the malware had propagated to PostHog packages, with Postman packages following roughly an hour later. This rapid spread illustrates the exponential nature of supply chain attacks, where a single compromised package can quickly cascade through interconnected dependency trees.
The attack targeted specific high-value ecosystems rather than spreading indiscriminately. Major package families from Zapier, ENS Domains, PostHog, Postman, and AsyncAPI were the primary victims, though hundreds of smaller packages were also affected. The selection pattern suggests the attackers prioritized packages with large downstream dependency chains, maximizing the potential reach of their malware while targeting environments likely to contain valuable credentials.
Organizations using affected packages faced immediate remediation challenges. Beyond simply removing compromised dependencies, teams needed to rotate all potentially exposed credentials, audit systems for unauthorized access, and implement enhanced monitoring for signs of persistent compromise. The security community mobilized quickly, with Aikido Security and other firms providing detection tools and remediation guidance to affected organizations.
Defending against the second coming
The Shai-Hulud resurgence underscores critical vulnerabilities in modern software development practices. Organizations relying on the npm ecosystem must implement comprehensive supply chain security measures, including dependency scanning, package integrity verification, and runtime monitoring for anomalous behavior.
The incident reveals broader challenges facing the open-source ecosystem. Package maintainers often operate with limited security resources, making them attractive targets for sophisticated threat actors. The npm platform itself continues enhancing security features, but the fundamental trust-based model of package distribution creates inherent risks that require vigilance from all participants in the software supply chain.
As this developing story continues to unfold, organizations should audit their dependency chains, verify the integrity of installed packages, and maintain heightened alertness for indicators of compromise. The Shai-Hulud campaign demonstrates that supply chain attacks represent an evolving threat requiring continuous adaptation of defensive strategies and sustained collaboration across the security community.