Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
Recorded: May 13, 2026, 9:09 p.m.
Original

Hundreds of npm packages infected by the self-propagating, credential-stealing worm from TeamPCP are related to the open source TanStack ecosystem.

Elizabeth Montalbano, Contributing Writer
May 12, 2026
5 Min Read

The Mini Shai-Hulud malware campaign continues to slither its way through the software supply chain, rearing its malicious head in a fresh wave of compromised npm packages and artifacts, mainly those used throughout the open source TanStack developer ecosystem.

Researchers from Socket Threat Research and Aikido have identified hundreds of new compromised packages with the same basic goal as the previous proliferation of the worm-like malware: steal credentials from developer machines and from the continuous integration/continuous delivery (CI/CD) runners developers use, then use those credentials to infect more packages for self-replication.

Aikido researchers identified 373 malicious package-version entries across 169 npm package names, mainly related to the TanStack open source Web application stack. Meanwhile, researchers at Socket identified 84 compromised TanStack npm package artifacts modified with Mini Shai-Hulud, they said in a blog post published Tuesday. However, there is evidence of at least double that number, spanning multiple organizations and developer tooling ecosystems, including SAP-related packages, AI tooling, and enterprise libraries, according to Socket.

Indeed, the campaign appears to be ongoing and moving quickly, according to researchers from both firms. However, Raphael Silva, a security researcher at Aikido, wrote in a blog post published today that what's even more important is that this time, attackers are going for potentially even more dangerous proliferation tactics than in previous attacks.

"The important part is not only the number of packages, but where they run," he wrote.
"These packages are likely to be installed in local developer environments, CI jobs, release workflows, and internal build systems."

Abuse of Trust: Compromised Maintainer Accounts

Socket attributes the latest wave of infected packages to a recurring threat cluster informally tracked as TeamPCP, which operates Mini Shai-Hulud, a variant of Shai-Hulud, the worm that presumably takes its name from the Dune sandworm and was first seen infecting code packages in September 2025. Attackers designed the malware to steal credentials and infect components across other software, propagating on its own without developer or attacker input. After its initial appearance, Shai-Hulud continued to surface periodically, appearing with new wiper capability in November and December campaigns of the same year.

Then Mini Shai-Hulud surfaced late last month, with more advanced and aggressive techniques that not only steal credentials and allow it to replicate, but also can hijack trusted publishing paths and execute malicious payloads during installation. It does this by compromising maintainers' publishing credentials and automatically pushing Trojanized package updates to repositories under those accounts.

"Compared with the original Shai-Hulud worm, Mini Shai-Hulud has evolved to feel more tuned for how packages are published today," Silva explains to Dark Reading. "This newer activity leans even harder into CI/CD and trusted publishing. It can abuse a legitimate workflow and still produce a package that looks like it came from the expected release process, using provenance to its advantage."

Indeed, in his post, Silva called the malware's abuse of trusted publishing "one of the more uncomfortable parts of this wave" of attacks.

"Trusted publishing is meant to remove long-lived npm tokens from release workflows," he wrote.
"A GitHub Actions workflow can use OIDC to request a short-lived npm publish token, publish the package, and attach provenance to the release."

This is a good thing when the workflow is clean; however, "it is much worse when attacker-controlled code runs inside the workflow," Silva noted.

Inside Job: Self-Propagation Continues to Worry

What could spell even more trouble for developers is that the new wave of Mini Shai-Hulud packages seems far more deliberate and organized than the previous appearance of the variant, Silva noted in his post.

"This wave does not just look like someone manually publishing bad versions," he wrote. "The malware is built to run inside build systems, steal npm and GitHub access, and abuse trusted publishing paths to push new compromised packages."

Further, Mini Shai-Hulud uses heavily obfuscated JavaScript payloads and Bun-based execution techniques to evade traditional Node.js-focused security tooling. Some variants also establish persistence through IDE integrations and developer tooling hooks, the researchers said.

"What makes this whole Shai-Hulud campaign so dangerous is the combination of credential theft and propagation," Silva tells Dark Reading. "It tries to turn one compromised runner or developer machine into the next poisoned package. That means the blast radius is not limited to whoever installed the malware first."

Stop the Spread: Developer Defense Against Shai-Hulud

Malicious code-package campaigns have by now become a familiar way for attackers to compromise the software supply chain and extend their malware reach quickly, especially with worms that can self-propagate like Shai-Hulud. Though many attacks are detected and halted before they do much damage, developers cannot let their guard down; they need to redouble efforts to make sure the open source code they use in development projects is free of malicious infection.
To help developers identify the malicious packages related to the campaign and stop them from spreading, both Socket and Aikido published lists of the malicious artifacts and packages they identified and flagged. However, given the ongoing nature of the campaign, developers should immediately take other steps and follow some best practices to protect their projects from compromise.

These include: scanning npm publishing logs for any unexpected publishes of your organization's packages, particularly versions published from GitHub Actions runners that were not initiated by a team member; rotating npm, GitHub, cloud, and CI/CD credentials potentially exposed to build pipelines; and enabling provenance verification, package allow-listing, and dependency monitoring, according to Socket.

Developers also should hunt for unauthorized package publishes tied to maintainer accounts, and inspect developer endpoints for credential theft or persistence artifacts, to ensure their projects have not been infected by malicious packages, the researchers advised.

About the Author

Elizabeth Montalbano, Contributing Writer

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal.
In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.
Summarized

The Mini Shai-Hulud malware campaign highlights escalating threats within the software supply chain, specifically targeting the open source ecosystem through the infection of npm packages and artifacts. Researchers from Socket Threat Research and Aikido identified hundreds of new compromised packages related to the TanStack open source Web application stack, noting that at least double that amount involves multiple organizations and developer tooling ecosystems, including SAP-related packages, AI tooling, and enterprise libraries. The fundamental goal of this malware, attributed to the threat cluster informally tracked as TeamPCP, is the theft of credentials from developer machines and continuous integration/continuous delivery (CI/CD) runners to facilitate self-replication across other components.

The evolution of this threat is significant; while the original Shai-Hulud worm initiated credential theft and propagation, the subsequent Mini Shai-Hulud variant incorporates more aggressive proliferation tactics. As noted by Raphael Silva, a security researcher at Aikido, this newer activity focuses heavily on abusing trusted publishing paths. Attackers are now able to compromise maintainers' publishing credentials and automatically push Trojanized package updates to repositories under those accounts, effectively leveraging legitimate workflows to ensure malicious code appears to originate from expected release processes by manipulating provenance. Silva emphasized that this abuse of trusted publishing is one of the more uncomfortable aspects of the current attack wave. The dangers associated with this infection stem from the method of propagation, which targets environments where development and deployment occur, including local developer environments, CI jobs, release workflows, and internal build systems.

The malware employs heavily obfuscated JavaScript payloads and Bun-based execution techniques to evade traditional Node.js-focused security tooling, and it establishes persistence through hooks within IDE integrations and developer tooling. This combination of credential theft and self-propagation means that the blast radius of the infection is not limited to the initial point of compromise but can infect numerous downstream packages and organizations across the software ecosystem.

To mitigate this widespread risk, developers must implement stringent defensive practices to secure their projects against supply chain compromise. Both Socket and Aikido have provided lists of identified malicious artifacts and packages to aid in detection. Developers should focus on several crucial steps to protect their systems. This includes rigorously scanning npm publishing logs for any unexpected publishes, particularly those originating from GitHub Actions runners that were not initiated by a team member. Furthermore, it is critical to rotate credentials exposed to build pipelines, such as npm, GitHub, cloud, and CI/CD credentials. Enabling provenance verification, package allow-listing, and dependency monitoring are essential measures. Developers must also actively hunt for unauthorized package publishes linked to maintainer accounts and inspect developer endpoints for any signs of credential theft or persistence artifacts to ensure the integrity of their development projects.