Shai-hulud 2.0 Variant Threatens Cloud Ecosystem
Recorded: Dec. 1, 2025, 7:02 p.m.
Original:
Shai-hulud 2.0 Variant Threatens Cloud Ecosystem
The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, Google Cloud Platform, and Azure.
Elizabeth Montalbano, Contributing Writer
December 1, 2025
4 Min Read

The Shai-hulud self-replicating worm's dangerous new variant is burrowing into new territories in its latest attack, flaunting features that threaten not only the npm code repository, but also GitHub and the cloud ecosystem — and to boot, it features new wiper functionality.

Researchers from Trend Micro have revealed advanced capabilities of Shai-hulud 2.0, a variant of the worm that emerged in November, a mere two months after it first spread across open source npm packages with a wormable attack that can compromise the software supply chain. The findings also come a week after researchers at Wiz revealed a variant "that executes malicious code during the preinstall phase, significantly increasing potential exposure in build and runtime environments."

Shai-hulud, which presumably takes its name from the dreaded sandworm of the Dune novel and film series, is now stealing cloud credentials and using them to "access cloud-native secret management services," while also exhibiting previously unveiled destructive code that wipes user data if the worm is unsuccessful in harvesting it, according to a recent blog post by Trend Micro researcher Jeffrey Francis Bonaobra. "It can steal credentials from [Amazon Web Services], [Google Cloud Platform], and Azure cloud providers, which can contain API keys, tokens, and passwords, along with npm tokens and GitHub authentication credentials," he wrote in the post.

Cloud Credentials at Risk From Worm

Beyond stealing static credentials, the malware uses stolen cloud credentials to access cloud-native secret management services, retrieving secrets from AWS using the AWS Secrets Manager API, extracting Google Cloud secrets through the GCP Secret Manager API, and collecting Azure secrets via Azure Key Vault. The malware also targets credentials from Azure Pod Identity, a legacy system that remains widely used for providing Azure identities to Kubernetes pods, Bonaobra said.

If that's not enough, the new variant "also automatically backdoors every npm package maintained by the victim, republishing them with malicious payloads that run during package installation," he wrote. This capability is an enhancement to its initial attack vector, first detailed by researchers at ReversingLabs: steal the credentials of npm developer accounts, poison packages across their repositories, and then republish malicious versions of the components maintained by those accounts.

The worm then infects downstream users across the software supply chain, activating when an unsuspecting developer uses the infected component, stealing their credentials, infecting their packages, and continuing the self-propagation process.

Shai-hulud Attack Chain Under a Microscope

Trend Micro took a deep dive into the recently reported Shai-hulud 2.0 attack, finding that it builds on its initial complexity to expand its dangerous propagation methods to the cloud and beyond.

The attack chain itself began with a phishing email disguised as an npm security alert, tricking a developer into revealing credentials. That set off the compromise of the developer's npm account and subsequent package poisoning, as well as authentication to the GitHub API to further poison packages in all of the developer's repositories.

Once it sets up its wormable supply-chain attack, the malware downloads and installs TruffleHog to scan for and harvest more secrets from files, then makes all stolen repositories public and mirrors their entire history. Shai-hulud then exfiltrates sensitive data using automated Web requests, and continues on to the previously documented downstream package poisoning.

Later in the attack chain, the harvesting of cloud credentials and other secrets begins, with Shai-hulud targeting all three major cloud providers by first capturing the complete set of environment variables, which may contain API keys, tokens, and passwords. It then goes on to steal secrets from each platform's respective secrets manager, and uses stolen cloud credentials to access cloud-native secret management services.

Intelligent Attacks Require Intelligent Responses

All throughout its attack chain, the worm demonstrates unique intelligence that can parse through data to see what's valuable from an attack perspective and what's not, posing an advanced threat to both the software development and cloud ecosystems, Bonaobra noted in the post.

Researchers at Koi Security, including co-founder and chief technology officer (CTO) Idan Dardikman, were among the first to identify Shai-hulud. Dardikman tells Dark Reading that one of the keys to defending against sophisticated attacks like this is to apply least privilege across the board throughout an organization's network. This can protect software and cloud assets from malicious code and give defenders a chance to detect attacks before they happen, he says.

Organizations can do this by using granular, short-lived tokens scoped to specific packages rather than account-wide access; limiting CI/CD pipeline permissions so that a single compromised bot token can't access an entire organization; and hardening cloud IAM so developer credentials can't reach production infrastructure. They also should pin dependencies with release-age delays to avoid installing malicious packages before they're detected, Dardikman adds.

"Security teams should also deploy tools that provide visibility into what packages are being used across the organization — you can't protect what you can't see, and knowing your software supply chain is the first step to securing it," he says.

To help defenders detect malicious packages and identify potential infection by Shai-hulud, Trend Micro included a list of indicators of compromise (IoCs) in its blog post.

About the Author
Elizabeth Montalbano, Contributing Writer
Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture.
Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.
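Two of the controls discussed above (Wiz's note that the variant runs during the preinstall phase, and Dardikman's advice to pin dependencies with release-age delays) can be checked mechanically from a lockfile. The following is an added example, not code from the article or from Trend Micro, Wiz or Koi Security; it assumes an npm package-lock.json v3 "packages" map (whose entries carry hasInstallScript when a package declares install-time scripts) and registry "time" metadata fetched beforehand. The package names, timestamps and the 7-day policy are constructed.

```python
"""Lockfile policy check: flag dependencies that run install-time scripts or
whose version is younger than a minimum release age (constructed example)."""
from datetime import datetime, timedelta, timezone

MIN_AGE_DAYS = 7  # assumed policy value; tune to your release-age delay

# Constructed fragment in npm lockfileVersion 3 shape (root entry has key "").
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "version": "1.0.0"},
        "node_modules/left-pad-ish": {"version": "1.3.0"},
        "node_modules/colorish": {"version": "2.1.5", "hasInstallScript": True},
    },
}

# Constructed registry metadata: only the "time" map (version -> publish time)
# is needed; a fixed "now" keeps the example deterministic.
NOW = datetime(2025, 12, 1, 19, 0, tzinfo=timezone.utc)
SAMPLE_REGISTRY = {
    "left-pad-ish": {"time": {"1.3.0": "2025-10-01T12:00:00.000Z"}},
    "colorish": {"time": {"2.1.5": "2025-11-29T08:30:00.000Z"}},
}


def parse_npm_time(stamp: str) -> datetime:
    # Registry timestamps look like 2025-11-29T08:30:00.000Z (UTC).
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def check_lockfile(lock, registry, now=NOW, min_age_days=MIN_AGE_DAYS):
    """Return (name, version, reason) findings for every policy violation."""
    findings = []
    for path, entry in lock.get("packages", {}).items():
        if not path.startswith("node_modules/"):
            continue  # skip the root project entry
        name = path.rsplit("node_modules/", 1)[1]  # handles nested and @scoped
        version = entry.get("version", "?")
        if entry.get("hasInstallScript"):
            findings.append((name, version, "runs preinstall/install/postinstall scripts"))
        published = registry.get(name, {}).get("time", {}).get(version)
        if published is None:
            findings.append((name, version, "no registry publish time; verify manually"))
        elif now - parse_npm_time(published) < timedelta(days=min_age_days):
            findings.append((name, version, f"published less than {min_age_days} days ago"))
    return findings


if __name__ == "__main__":
    for name, version, reason in check_lockfile(SAMPLE_LOCK, SAMPLE_REGISTRY):
        print(f"{name}@{version}: {reason}")
```

A package that trips either rule is held back for review rather than installed; the same logic can run as a CI gate in front of npm ci.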
Summarized:

The Shai-hulud 2.0 variant represents a significant escalation in the tactics employed by the self-replicating npm-package poisoning worm, posing a substantial threat to the cloud ecosystem. As highlighted by Trend Micro researcher Jeffrey Francis Bonaobra, this new iteration exhibits advanced capabilities, including the ability to steal credentials from Amazon Web Services, Google Cloud Platform, and Azure, alongside destructive code designed to wipe user data if the worm's initial harvesting attempts fail. This expansion of functionality underscores the worm's intelligence and adaptability, a key factor in its continued propagation. The worm's capacity to access cloud-native secret management services (AWS Secrets Manager, GCP Secret Manager, and Azure Key Vault) further amplifies the potential damage.

The attack chain begins with a phishing email that tricks a developer into revealing credentials. This initial compromise triggers a broader supply-chain attack, encompassing repository poisoning and API authentication. Following the successful breach, Shai-hulud 2.0 uses TruffleHog to scan files for secrets, makes compromised repositories public, and mirrors their history. The worm then employs automated Web requests to exfiltrate data, moving through the software supply chain and infecting downstream users. The comprehensive nature of this attack reflects a sophisticated understanding of how software development teams operate.

Researchers at Koi Security, led by Idan Dardikman, emphasized the importance of least privilege across the organization's network as a fundamental defense strategy. Dardikman explained that restricting developer access to specific packages and limiting CI/CD pipeline permissions drastically reduces the impact of a compromised bot token. Furthermore, hardening Identity and Access Management (IAM) controls prevents developer credentials from reaching production environments. The team's insights reinforce the need for granular security policies, particularly within dynamic environments like cloud services.

Following a deep dive into the Shai-hulud 2.0 attack, Trend Micro identified a key element: the worm's ability to parse data to identify valuable assets, demonstrating an advanced level of intelligence. This highlights the growing sophistication of cyber threats and the need for defenders to proactively anticipate and mitigate potential risks. The inclusion of indicators of compromise (IoCs) in Trend Micro's blog post provides a critical resource for security teams seeking to detect and respond to this evolving threat.

Ultimately, the Shai-hulud 2.0 variant represents a complex and dangerous escalation. As Idan Dardikman correctly pointed out, "Security teams should also deploy tools that provide visibility into what packages are being used across the organization — you can't protect what you can't see," emphasizing the importance of comprehensive software supply chain visibility. Organizations must adopt a layered defense strategy, focusing on limiting access, monitoring dependencies, and proactively identifying potential vulnerabilities within their ecosystems.