<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title><![CDATA[(guardz.com) Mini Shai-Hulud: Self-Propagating Worm Compromises npm Ecosystem via CI/CD Pipeline Hijacking]]></title><description><![CDATA[<p>(guardz.com) Mini Shai-Hulud: Self-Propagating Worm Compromises npm Ecosystem via CI/CD Pipeline Hijacking</p><p>Mini Shai-Hulud worm (TeamPCP) compromised 200+ npm packages via CI/CD hijacking, targeting TanStack, Mistral AI, and others. Attack executed at install time, bypassing SLSA provenance and harvesting credentials from dev workstations/cloud environments. Destructive persistence triggered on token revocation.</p><p>In brief - A self-propagating npm worm attributed to TeamPCP leveraged stolen tokens and GitHub Actions abuse to compromise 200+ packages, exfiltrating credentials via dead-drops and threatening system wipes. Critical gaps in SLSA provenance and package signing enabled the attack.</p><p>Technically - Mini Shai-Hulud exploited `pull_request_target` workflows, cache poisoning, and OIDC token extraction to inject malicious `router_init.js` payloads at install time. The 2.xMB obfuscated JS targeted 100+ credential paths (GitHub/npm tokens, cloud creds, Kubernetes configs) across macOS/Linux/Windows. Exfiltration used Session Protocol, GitHub GraphQL dead-drops, and a typosquatted domain (`git-tanstack.com`). Persistence via systemd/LaunchAgents and IDE hooks, with destructive triggers tied to token revocation.
Propagation scaled by infecting all packages owned by compromised maintainers.</p><p>Source: <a href="https://guardz.com/blog/shai-hulud-strikes-again/" rel="nofollow noopener"><span>https://</span><span>guardz.com/blog/shai-hulud-str</span><span>ikes-again/</span></a></p><p><a href="https://swecyb.com/tags/Cybersecurity" rel="tag">#<span>Cybersecurity</span></a> <a href="https://swecyb.com/tags/ThreatIntel" rel="tag">#<span>ThreatIntel</span></a></p>]]></description><link>https://board.circlewithadot.net/topic/a8a42941-3f4b-41e6-b2c7-730720d1e838/guardz.com-mini-shai-hulud-self-propagating-worm-compromises-npm-ecosystem-via-ci-cd-pipeline-hijacking</link><generator>RSS for Node</generator><lastBuildDate>Fri, 15 May 2026 10:24:40 GMT</lastBuildDate><atom:link href="https://board.circlewithadot.net/topic/a8a42941-3f4b-41e6-b2c7-730720d1e838.rss" rel="self" type="application/rss+xml"/><pubDate>Tue, 12 May 2026 13:29:25 GMT</pubDate><ttl>60</ttl></channel></rss>