Shai-Hulud keeps burrowing: 314 npm packages infected after another account compromise

An npm account compromise infected 314 npm packages with malware, including size-sensor, echarts-for-react, timeago.js, and packages scoped to @antv, in a 22-minute burst of activity in the early hours of Tuesday morning. The most popular impacted package is size-sensor, downloaded 4.2 million times per month, followed by echarts-for-react (3.8 million), @antv/scale (2.2 million) and timeago.js (1.15 million). The compromised account, i@hust.cc, belongs to a developer based in Hangzhou, China. Security researcher Nicholas Carlini reported the malware on GitHub, and the the hust.cc account closed the issues and marked them as "fixed" within an hour. This means the malware report on this and other repositories is hidden unless a developer looks for closed issues. Some malicious package versions have been deprecated on npm with the message "this version was published in error, please use the latest version instead," while others have been removed. Security biz SafeDep reported on the malware and analyzed the payload, which uses the same structure as that used to compromise SAP packages three weeks ago. The malware reads environment variables and scans files to find credentials for GitHub, npm, cloud platforms including AWS, Microsoft Azure, and Google Cloud, Docker, Stripe, and more. The code also attempts to escape container boundaries. Stolen secrets are exfiltrated to a new GitHub repository. The malware injects settings files into other local projects on a developer machine, for execution by Claude Code or Codex, and further abuses GitHub as a C2 (command-and-control) backdoor via malicious repositories and Python code that downloads and executes content from them. According to SafeDep, "the attacker automated the entire wave using a stolen token." Developers who have installed compromised package versions are advised to rotate all credentials accessible from the build environment, check for unauthorized GitHub repositories, and remove malicious systemd services on Linux. Maintainers and package publishers are at greatest risk as they may find further malicious packages published via their own credentials. This attack comes shortly after another Shai-Hulud incident reported yesterday, and more can be expected. Although other package repositories such as PyPI and RubyGems have also seen malware published to them, npm remains the biggest target and, for now, appears to be the worst affected. npm, owned by Microsoft subsidiary GitHub, has said little about the current wave. In September last year, a post outlining a plan for a more secure npm supply chain was intended to "address a surge in package registry attacks," during what now looks like the early phase of Shai-Hulud, but the actions taken so far have not prevented further incidents. The Register asked GitHub to comment.(R)