Shai-Hulud v2: The Mutating Supply-Chain Virus

A rapidly evolving malware operation known as Shai-Hulud v2 is spreading across multiple software ecosystems like a mutating virus. The campaign compromises npm maintainer accounts, abuses insecure CI/CD workflows, and injects trojanized code into trusted open-source packages that are automatically mirrored into Maven. Once installed, the malware quietly backdoors developer workstations and build servers, steals secrets from tens of thousands of repositories, and uses automation to replicate itself downstream. In this outbreak, the infection vector is not the end user — it is the developer, and the supply chain itself becomes the transmission route.

PHASE 1 — Patient Zero: Maintainers Compromised

Every epidemic begins with a vulnerable host. In this case, attackers targeted npm maintainers with high trust and wide reach. Through credential theft, password reuse, OAuth token compromise, or social engineering, they seized control of accounts responsible for popular JavaScript libraries. With privileged access in hand, adversaries published new versions of packages containing malicious code that closely resembled legitimate updates. Developers automatically pulled these into their environments as part of routine dependency upgrades. The infection began quietly, embedded inside the very components trusted to build modern software.

PHASE 2 — Infection of the Build Pipeline

Unlike prior campaigns that relied solely on compromised packages, Shai-Hulud v2 deepens its reach by exploiting CI/CD automation. The attackers leveraged risky GitHub Actions triggers — particularly pull_request_target and workflow_run — which allow untrusted code to execute during the review process. Once triggered, these workflows grant access to repository secrets, ephemeral credentials, and automated deployment controls.

With the execution foothold established, Shai-Hulud v2 implants itself into CI environments. It registers new self-hosted runners controlled by the attacker, modifies workflows to execute malicious steps during build pipelines, and positions itself to re-inject malicious code even after cleanup attempts. A repository’s own automation becomes a self-replicating infection engine.

PHASE 3 — Cross-Ecosystem Mutation: From npm to Maven

Shai-Hulud v2 demonstrates unprecedented scale by extending the outbreak beyond JavaScript. Many npm packages are automatically mirrored to Maven Central via mvnpm processes, allowing Java developers to reuse JavaScript components from the JVM ecosystem. This legitimate automation inadvertently gave the malware a direct mutation path into new development communities.

Once a trojanized package was mirrored, the infection reached Java developers who had no connection with the original npm code. A breach in one ecosystem became a breach in another, without any manual effort by the attacker. The malware gained access to downstream organizations that were unaware they had inherited a compromised component, amplifying the blast radius exponentially.

PHASE 4 — The Payload: Secret Harvesting and Silent Exfiltration

After activation, the malware runs within developer environments using a Bun-based loader designed for stealth. It scans for sensitive data such as:

• API keys used in microservices

• GitHub and npm access tokens

• AWS, Google Cloud, and Azure credentials

• SSH keys and authentication cookies

• Internal configuration files

All stolen data is exfiltrated directly to attacker-controlled public GitHub repositories. Instead of a single command-and-control endpoint, Shai-Hulud v2 dynamically generates randomly named repositories to reduce detection and analysis. Recent telemetry shows:

• Over 28,000 repositories affected

• 11,858 unique secrets exposed

• Approximately 2,300 secrets still valid at time of reporting

With cloud keys in hand, attackers can escalate beyond development machines into enterprise infrastructure, deploy additional backdoors, or manipulate source code integrity in critical business systems.

PHASE 5 — Persistence and Autonomous Propagation

A defining characteristic of this malware is its self-replication. Each compromised repository or CI runner becomes an infection node. The malware publishes further trojanized dependencies, modifies workflow files to ensure re-execution, and spreads itself wherever build automation pulls these libraries again. Developers unknowingly accelerate its propagation through standard updates and builds.

The longer the infection persists unnoticed, the more organizations inherit compromised artifacts and the more powerful the attackers become, gaining ongoing access to source code, infrastructure, and identity systems.

Shai-Hulud v2 is not only a supply-chain attack. It is a structural challenge to the trust model that supports global software development. The breach demonstrates that:

• Open-source maintainers form a critical security perimeter

• CI/CD automation is both a productivity engine and an attack surface

• Dependency ecosystems are tightly interconnected — one breach spreads widely

• Developers themselves are now the primary infection vector

This campaign reinforces a central reality of modern cybersecurity:

A single compromised maintainer, a single misconfigured workflow, or a single automated mirror can ignite a global infection across ecosystem boundaries.

Measures to Fend Off the Infection

• Rotate and revoke all potentially exposed secrets, tokens, and API keys across GitHub, npm, Maven ecosystems, and all cloud providers (AWS, GCP, Azure).

• Remove all trojanized package versions from environments, and reinstall dependencies from verified clean releases.

• Apply least-privilege access to developer accounts, CI workflows, self-hosted runners, and cloud identities to limit lateral movement.

• Disable risky GitHub Actions triggers (pull_request_target, poorly configured workflow_run) or strictly scope permissions when their use is unavoidable.

• Enforce mandatory peer review and protection rules for publishing rights in npm and Maven to prevent unauthorized package releases.

• Implement automated dependency policy enforcement: prevent use of known-compromised or unsigned packages across development and CI/CD pipelines.

• Continuously scan repositories and build systems for hardcoded secrets using automated detection tools, blocking commits containing exposed credentials.

• Harden DevOps environments with endpoint security for developers, CI isolation, and infrastructure-as-code security controls to prevent long-term persistence.

• Monitor for self-hosted runner anomalies, malicious workflow changes, unusual GitHub API activity, and new repositories created without authorization.

• Adopt software supply-chain security frameworks (e.g., SLSA, SBOM requirements, provenance attestation) to strengthen package integrity and traceability.

Defending against the next wave requires cultural change: security must be built into the software supply chain with the same rigor applied to production environments. Without strong identity controls, dependency governance, secret hygiene, and CI/CD hardening, the outbreak cycle will continue — evolving quietly in the automation we trust the most.

The Hacker News

https://thehackernews.com/2025/11/shai-hulud-v2-campaign-spreads-from-npm.html