Malware Exploits npm Preinstall to Steal Secrets, Hijack 25K GitHub Repos

Generated by AI agent Coin World, reviewed by AInvest News Editorial Team
Monday, Nov 24, 2025 8:02 am ET
Summary

- Wiz Research identified Shai-Hulud 2.0, a supply-chain attack exploiting npm's `preinstall` phase to hijack 25,000+ GitHub repos and steal secrets from crypto/developer tools.

- Malware infiltrates packages like `@zapier/zapier-sdk` and `@ensdomains/ens-validation`, using GitHub runners for credential theft and workflow injection across ecosystems.

- Attackers create self-hosted runners, exfiltrate secrets as artifacts, and delete traces, with new compromises emerging at 1,000 per 30 minutes.

- Security teams urged to replace compromised packages, rotate credentials, and audit GitHub environments to mitigate risks in vulnerable supply chains.

A new npm supply-chain attack, dubbed Shai-Hulud 2.0, has compromised major libraries used by developers and cryptocurrency projects, including Ethereum Name Service (ENS) tools and Zapier integrations. The campaign, identified by Wiz Research, leverages malicious code execution during the `preinstall` phase of package installation, enabling attackers to exfiltrate secrets and inject workflows into GitHub repositories. Over 25,000 repositories have been affected, with new compromises emerging at a rate of 1,000 per 30 minutes, underscoring the rapid spread of the threat.

The attack involves trojanized versions of legitimate npm packages, which execute credential theft and data exfiltration upon installation. Unlike prior variants of the Shai-Hulud campaign, this iteration introduces new payload files such as `setup_bun.js` and `bun_environment.js`, expanding its reach to the PostHog, Postman, and AsyncAPI ecosystems. The malware registers infected machines as self-hosted GitHub runners and creates workflows that allow attackers to execute arbitrary commands via GitHub discussions. Additionally, it exfiltrates secrets from GitHub repositories as artifacts before deleting traces of its activity.

Numerous high-profile packages have been confirmed compromised, including `@zapier/zapier-sdk` (versions 0.15.5–0.15.7), `@ensdomains/ens-validation` (0.1.1), and `@posthog/agent` (1.24.1). The attack also impacts packages from lesser-known publishers such as `@trigo/`, `@orbitgtbelgium/`, and `@louisle2/`. Wiz Research noted that the campaign's tactics closely resemble previous Shai-Hulud attacks but may involve different threat actors, given variations in payload structure and propagation logic.

, but the ongoing nature of the attack suggests a well-coordinated effort.

Security teams are urged to take immediate action. Recommendations include removing and replacing compromised packages, clearing npm caches, and rotating credentials such as GitHub personal access tokens (PATs) and cloud provider keys. Developers should also audit GitHub environments for repositories named "Shai-Hulud" or workflows containing suspicious commits.

Restricting lifecycle scripts and limiting outbound network access to trusted domains is also critical to mitigating exposure.
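As an added illustration of the audit step above (not code from the article, Wiz Research, or npm), the following Python checks a `package-lock.json` and a package manifest against the compromised versions and payload file names the article lists; the lockfile and manifest contents below are constructed sample data.

```python
"""Check npm lockfile entries and package manifests for the Shai-Hulud 2.0
indicators named in the article. Package names, versions and payload file
names come from the article; all sample data here is constructed."""
from typing import List

# Compromised package versions reported in the article.
COMPROMISED = {
    "@zapier/zapier-sdk": {"0.15.5", "0.15.6", "0.15.7"},
    "@ensdomains/ens-validation": {"0.1.1"},
    "@posthog/agent": {"1.24.1"},
}
# Payload files the article attributes to this variant.
PAYLOAD_FILES = ("setup_bun.js", "bun_environment.js")
# npm lifecycle hooks that run automatically during `npm install`.
LIFECYCLE = ("preinstall", "install", "postinstall")

def scan_lockfile(lock: dict) -> List[str]:
    """Flag lockfile v2/v3 'packages' entries pinned to a compromised version."""
    findings = []
    for path, meta in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself
            continue
        # Entries are keyed by install path, e.g. node_modules/@scope/name.
        name = meta.get("name") or path.split("node_modules/")[-1]
        version = meta.get("version", "")
        if version in COMPROMISED.get(name, set()):
            findings.append(f"{name}@{version}: version listed as compromised")
    return findings

def scan_manifest(name: str, pkg: dict) -> List[str]:
    """Flag lifecycle scripts in a package.json that invoke known payload files."""
    findings = []
    for hook, cmd in pkg.get("scripts", {}).items():
        if hook in LIFECYCLE and any(f in cmd for f in PAYLOAD_FILES):
            findings.append(f"{name}: {hook} runs payload-like script: {cmd}")
    return findings

# Constructed sample inputs (not real project files).
SAMPLE_LOCK = {
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "my-app", "version": "1.0.0"},
        "node_modules/@zapier/zapier-sdk": {"version": "0.15.6"},
        "node_modules/@posthog/agent": {"version": "1.23.0"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
}
SAMPLE_MANIFEST = {"name": "@ensdomains/ens-validation", "version": "0.1.1",
                   "scripts": {"preinstall": "node setup_bun.js"}}

if __name__ == "__main__":
    for line in scan_lockfile(SAMPLE_LOCK) + scan_manifest(SAMPLE_MANIFEST["name"], SAMPLE_MANIFEST):
        print(line)
```

Setting `ignore-scripts=true` in `.npmrc` is the npm-level control that stops `preinstall` hooks from running at all, which is the restriction the paragraph above refers to.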

The scale of the attack highlights the vulnerabilities inherent in software supply chains. Wiz Research emphasized that the threat leverages npm's widespread adoption, with trojanized packages already downloaded in multiple environments before their removal. GitHub is actively deleting repositories linked to the campaign, but attackers continue to create new ones, complicating remediation efforts.

As the incident unfolds, the cybersecurity community is monitoring whether this campaign marks a new phase in supply-chain attacks targeting open-source ecosystems. Developers are advised to prioritize dependency updates and adopt automated tools to detect malicious activity in real time.