On Nov. 24, security firm Aikido detected a second wave of the Shai-Hulud self-replicating npm worm, compromising 492 packages with a combined 132 million monthly downloads.
The attack struck major ecosystems, including AsyncAPI, PostHog, Postman, Zapier, and ENS, exploiting the final weeks before npm’s Dec. 9 deadline to revoke legacy authentication tokens.
Aikido’s triage queue flagged the intrusion around 3:16 AM UTC, as malicious versions of AsyncAPI’s go-template and 36 related packages began spreading across the registry.
The attacker labeled stolen-credential repositories with the description “Sha1-Hulud: The Second Coming,” maintaining theatrical branding from the September campaign.
The worm installs the Bun runtime during package setup, then executes malicious code that searches developer environments for exposed secrets using TruffleHog.
Compromised API keys, GitHub tokens, and npm credentials are published to randomly named public repositories, and the malware attempts to propagate by pushing new infected versions to up to 100 additional packages, five times the scale of the September attack.
Technical evolution and destructive payload
The November iteration introduces several modifications from the September attack.
The malware now creates repositories with randomly generated names for stolen data rather than using hardcoded names, complicating takedown efforts.
Setup code installs Bun via setup_bun.js before executing the primary payload in bun_environment.js, which contains the worm logic and credential-exfiltration routines.
The most destructive addition: if the malware cannot authenticate with GitHub or npm using stolen credentials, it wipes all files in the user’s home directory.
Aikido’s analysis revealed execution errors that limited the attack’s spread. The bundling code that copies the full worm into new packages sometimes fails to include bun_environment.js, leaving only the Bun installation script without the malicious payload.
Despite these failures, the initial compromises hit high-value targets with massive downstream exposure.
AsyncAPI packages dominated the first wave, with 36 compromised releases including @asyncapi/cli, @asyncapi/parser, and @asyncapi/generator.
PostHog followed at 4:11 AM UTC, with infected versions of posthog-js, posthog-node, and dozens of plugins. Postman packages arrived at 5:09 AM UTC.
The Zapier compromise affected @zapier/zapier-sdk, zapier-platform-cli, and zapier-platform-core, while the ENS compromise affected @ensdomains/ensjs, @ensdomains/ens-contracts, and ethereum-ens.
GitHub branch creation suggests repository-level access
The AsyncAPI team discovered a malicious branch in their CLI repository created immediately before the compromised packages appeared on npm.
The branch contained a deployed version of the Shai-Hulud malware, indicating the attacker gained write access to the repository itself rather than simply hijacking npm tokens.
This escalation mirrors the technique used in the original Nx compromise, in which attackers modified source repositories to inject malicious code into legitimate build pipelines.
Aikido estimates that 26,300 GitHub repositories now contain stolen credentials marked with the “Sha1-Hulud: The Second Coming” description.
The repositories contain secrets exposed by developer environments that ran the compromised packages, including cloud service credentials, CI/CD tokens, and authentication keys for third-party APIs.
The public nature of the leaks amplifies the damage: any attacker monitoring the repositories can harvest credentials in real time and launch secondary attacks.
Attack timing and mitigation
The timing coincides with npm’s Nov. 15 announcement that it will revoke classic authentication tokens on Dec. 9.
The attacker’s choice to launch a final large-scale campaign before the deadline suggests they recognized the window for token-based compromises was closing. Aikido’s timeline shows the first Shai-Hulud wave began Sept. 16.
The Nov. 24 “Second Coming” represents the attacker’s last opportunity to exploit legacy tokens before npm’s migration cuts off that access.
Aikido recommends that security teams audit all dependencies from affected ecosystems, particularly the Zapier, ENS, AsyncAPI, PostHog, and Postman packages installed or updated after Nov. 24.
Organizations should rotate all GitHub, npm, cloud, and CI/CD secrets used in environments where these packages were present, and search GitHub for repositories with the “Sha1-Hulud: The Second Coming” description to determine if internal credentials were exposed.
Disabling npm postinstall scripts in CI pipelines prevents future install-time execution, and pinning package versions with lock files limits exposure to newly compromised releases.
Source: https://cryptoslate.com/malicious-worm-compromises-crypto-domains-in-supply-chain-attack/
