On November 24, security company Aikido detected a second wave of the self-propagating Shai-Hulud npm malware, which compromised 492 packages with a combined 132 million monthly downloads.
The attack hit major ecosystems, including AsyncAPI, PostHog, Postman, Zapier, and ENS, exploiting the final weeks before npm's December 9 deadline for revoking legacy authentication tokens.
Aikido's triage queue flagged the attack at around 3:16 AM UTC, as malicious versions of AsyncAPI's go-template and 36 related packages began spreading across the registry.
The attacker labeled the repositories holding stolen credentials "Sha1-Hulud: The Second Coming," keeping the theatrical naming of the September campaign.
The malware installs the Bun runtime during package installation and then runs malicious code that scans the developer's environment for exposed secrets using TruffleHog.
Exposed API keys, GitHub tokens, and npm credentials are pushed to public repositories with random names, and the malware attempts to propagate by publishing new compromised versions of up to 100 additional packages, five times the reach of the September attack.
Technical Advancements and the Resulting Damage
The November variant introduces several changes from the September attack.
The malware now creates repositories with randomly generated names for the stolen data instead of using fixed identifiers, which complicates takedown efforts.
Install-time code deploys Bun via setup_bun.js before running the main payload in bun_environment.js, which contains the worm logic and the credential-exfiltration routines.
The most destructive addition: if the malware cannot authenticate to GitHub or npm with the stolen credentials, it wipes every file in the user's home directory.
Aikido's analysis found implementation flaws that limited the attack's spread. The packaging code that copies the full malware into new packages sometimes fails to include bun_environment.js, leaving only the Bun installation script without the malicious payload.
Despite these shortcomings, the initial compromises hit high-value targets with enormous downstream exposure.
AsyncAPI packages led the first wave, with 36 compromised releases including @asyncapi/cli, @asyncapi/parser, and @asyncapi/generator.
PostHog followed at 4:11 AM UTC, with compromised versions of posthog-js, posthog-node, and numerous related plugins. Postman packages began appearing at 5:09 AM UTC.
The Zapier compromise affected @zapier/zapier-sdk, zapier-platform-cli, and zapier-platform-core, alongside the ENS compromise, which hit @ensdomains/ensjs, @ensdomains/ens-contracts, and ethereum-ens.
GitHub Branch Creation Points to Repository-Level Access
A malicious branch in the AsyncAPI team's CLI repository was found just before the compromised packages appeared on npm.
The branch contained a deployed copy of the Shai-Hulud malware, indicating that the attacker had obtained write access to the repository itself rather than merely compromising npm tokens.
This escalation mirrors the approach used in the original Nx compromise, where attackers modified source repositories to inject malicious code into legitimate build workflows.
Aikido estimates that 26,300 GitHub repositories now contain stolen credentials tagged with the "Sha1-Hulud: The Second Coming" label.
The repositories hold secrets exfiltrated from developer environments that used the compromised packages, including cloud service credentials, CI/CD tokens, and authentication keys for third-party APIs.
The public nature of these disclosures compounds the harm: any attacker monitoring the repositories can harvest the credentials immediately and launch follow-on intrusions.
Attack Timing and Mitigation Efforts
The timing aligns with npm's November 15 announcement that legacy authentication tokens will be revoked on December 9.
The attacker's decision to launch a final large-scale operation before the deadline suggests awareness that the window for token-based attacks was closing. Aikido's timeline shows that the first Shai-Hulud wave began on September 16.
The November 24 "Second Coming" campaign represents the attacker's last chance to use legacy tokens before npm's platform transition cuts off that access.
Aikido recommends that security teams audit all dependencies from the affected ecosystems, particularly the Zapier, ENS, AsyncAPI, PostHog, and Postman packages installed or updated after November 24.
Organizations should rotate every GitHub, npm, cloud, and CI/CD secret used in environments where these packages were present, and search GitHub for repositories carrying the "Sha1-Hulud: The Second Coming" label to determine whether internal credentials were leaked.
Disabling npm install-time lifecycle scripts (postinstall and its siblings) in CI pipelines prevents execution during installation, and pinning exact package versions with lock files reduces exposure to newly compromised releases.
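The following POSIX shell script is an added example, not code from Aikido or from any of the affected projects. It ties together the install-time mechanism described above (a setup_bun.js loader invoked from an npm install hook, which then runs bun_environment.js) and the mitigation advice: it scans a node_modules tree for those two files and for an install-phase script that invokes the loader, and it writes the .npmrc setting that makes npm skip install scripts in CI. The package names, version numbers, and file contents it creates are constructed placeholders; the real loader and payload are not reproduced.

```shell
#!/bin/sh
# Added example (not Aikido's or any affected project's code): local triage for
# the setup_bun.js / bun_environment.js install-time mechanism, plus the CI
# hardening (ignore-scripts). All packages and files created below are
# constructed placeholders.
set -eu

# scan_node_modules DIR
# Prints one "package-dir<TAB>reason" line per finding under DIR.
# Returns 0 when nothing was found, 1 otherwise.
scan_node_modules() {
  dir=$1
  hits=0
  list=$(mktemp)
  # Enumerate every package manifest; nested node_modules are covered too.
  find "$dir" -name package.json -type f > "$list"
  while IFS= read -r manifest; do
    pkgdir=$(dirname "$manifest")
    # 1. Loader and payload dropped next to package.json.
    for marker in setup_bun.js bun_environment.js; do
      if [ -f "$pkgdir/$marker" ]; then
        printf '%s\t%s\n' "$pkgdir" "contains $marker"
        hits=$((hits + 1))
      fi
    done
    # 2. An install-phase hook that runs the loader. This is what fires on
    #    `npm install`; nothing ever has to require() the package for it to run.
    if grep -Eq '"(pre|post)?install"[[:space:]]*:[[:space:]]*"[^"]*setup_bun\.js' "$manifest"; then
      printf '%s\t%s\n' "$pkgdir" "install hook runs setup_bun.js"
      hits=$((hits + 1))
    fi
  done < "$list"
  rm -f "$list"
  [ "$hits" -eq 0 ]
}

# count_findings DIR -> number of finding lines, on stdout.
count_findings() {
  scan_node_modules "$1" | wc -l | tr -d ' '
}

# write_ci_npmrc FILE
# ignore-scripts=true makes npm skip preinstall/install/postinstall for every
# dependency, which is the hook this wave abuses. `npm ci` then installs exactly
# what package-lock.json pins. Scripts you genuinely need (native builds) can be
# run afterwards, deliberately, with `npm rebuild`.
write_ci_npmrc() {
  printf 'ignore-scripts=true\n' > "$1"
}

# make_demo_tree -> path of a constructed node_modules tree with three packages:
# a clean one, a fully infected one, and a "loader only" copy like the broken
# re-publishes Aikido observed (setup_bun.js present, bun_environment.js missing).
make_demo_tree() {
  root=$(mktemp -d)
  nm=$root/node_modules
  mkdir -p "$nm/clean-pkg" "$nm/infected-pkg" "$nm/loader-only-pkg"
  printf '%s\n' '{"name":"clean-pkg","version":"2.0.0","scripts":{"test":"node test.js"}}' \
    > "$nm/clean-pkg/package.json"
  printf '%s\n' '{"name":"infected-pkg","version":"1.0.1","scripts":{"preinstall":"node setup_bun.js"}}' \
    > "$nm/infected-pkg/package.json"
  : > "$nm/infected-pkg/setup_bun.js"        # empty placeholder, not the real loader
  : > "$nm/infected-pkg/bun_environment.js"  # empty placeholder, not the real payload
  printf '%s\n' '{"name":"loader-only-pkg","version":"0.9.3","scripts":{"preinstall":"node setup_bun.js"}}' \
    > "$nm/loader-only-pkg/package.json"
  : > "$nm/loader-only-pkg/setup_bun.js"
  printf '%s\n' "$nm"
}

demo=$(make_demo_tree)
scan_node_modules "$demo" || echo "findings: $(count_findings "$demo")"
write_ci_npmrc "$demo/../.npmrc"
cat "$demo/../.npmrc"
```

On the constructed tree the scan reports five findings: three for the fully infected package (both files plus the hook) and two for the loader-only copy, while the clean package produces none. Run it against a real checkout as `scan_node_modules ./node_modules`; a hit on the hook line alone is still worth treating as a compromised release, since the page notes that the loader was sometimes shipped without its payload.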
