Husain Parvez
Published on: September 19, 2025
A large-scale supply chain attack has compromised over 180 NPM packages, including the widely used @ctrl/tinycolor, which alone sees over 2 million weekly downloads. The malware, dubbed “Shai-Hulud,” propagates automatically and targets developer environments to steal sensitive credentials.
The attack was first detected on September 14 and rapidly escalated across the JavaScript ecosystem. Researchers at StepSecurity and Socket.dev flagged the compromised versions, with Socket confirming that “@ctrl/tinycolor versions 4.1.1 and 4.1.2 were trojanized to include a malicious postinstall script.”
At the heart of the attack is a bundled bundle.js payload, which is executed during the installation process. It uses TruffleHog to scan local filesystems for secrets and exfiltrates data via GitHub Actions backdoors and public repositories. According to Kaspersky, “The script creates a new GitHub workflow that encodes the collected secrets into JSON and transmits to the attacker’s webhook[.]site server.”
The worm propagates by leveraging access to the NPM registry and GitHub. If valid tokens are found, the malware identifies other packages under the same maintainer and republishes infected versions. Socket.dev explains, “The attack uses the NPM registry API to locate other packages owned by the compromised maintainer and pushes new versions that contain the malicious script.”
Cloud platform credentials are also targeted. The malware captures environment variables such as AWS_ACCESS_KEY_ID, GITHUB_TOKEN, and AZURE_CLIENT_SECRET, and can enumerate AWS Secrets Manager and Google Cloud secrets through SDKs.
StepSecurity’s runtime analysis via Harden-Runner confirmed anomalous behavior, flagging unauthorized API calls to api.github.com during installation. The GitHub Actions workflow exfiltrates secrets by triggering on push events and silently uploads them to an attacker-controlled endpoint or to public GitHub repos named “Shai-Hulud.”
While the initial compromise vector remains unknown, experts urge developers to rotate all credentials, audit CI pipelines, and remove infected workflows immediately. NPM has since removed the malicious versions, but as StepSecurity noted, “This attack represents a major escalation in NPM ecosystem threats.”
