Dark ReadingArchived May 19, 2026✓ Full text saved
The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.
Full text archived locally
✦ AI Summary· Claude Sonnet
APPLICATION SECURITY
THREAT INTELLIGENCE
DATA PRIVACY
IDENTITY & ACCESS MANAGEMENT SECURITY
NEWS
Shai-Hulud Worm Clones Spread After Code Release
The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.
Alexander Culafi,Senior News Writer,Dark Reading
May 18, 2026
4 Min Read
SOURCE: FLIXPIX VIA ALAMY STOCK PHOTO
TeamPCP published Shai-Hulud source code to GitHub last week, and the infamous worm already shows signs of spreading.
TeamPCP is a financially motivated threat actor that has long been assessed as a key, if not the key, culprit behind the Shai-Hulud self-replicating worm attacks, as well as various successor worms. Shai-Hulud, named after the sandworms from the popular science fiction novel Dune, is a self-replicating malware worm that began infecting node packet manager (NPM) packages last summer.
A developer would download an open source software component that has been poisoned by the malware, the malware would infect that developer with an infostealer, and then the malware would use the developer's compromised NPM accounts to publish poisoned dependencies of whatever packages that develop maintains — all without threat actor interference. The cycle would then repeat.
Shai-Hulud and similar worms have made a mess out of the open source development ecosystem in recent months, but despite a tidal wave of threat campaigns targeting developers, defenders acted quickly and the damage thus far has been somewhat limited.
Related:Attackers Weaponize RubyGems for Data Dead Drops
With that in mind, we may be entering a new world of Shai-Hulud-based threats, as TeamPCP invited other threat actors to use the code in attacks. A Datadog blog post noted that GitHub removed the original May 12 repository, though follow-on forks persisted.
Shai-Hulud Clones Infest NPM
LOADING...
In a research blog post published today, Patrick Münch, chief security officer (CSO) of vulnerability management vendor Mondoo, said a threat actor "uploaded four malicious packages from one [npm] account: a near-verbatim copy of Shai-Hulud with its own command-and-control infrastructure, three Axios typosquats, and a distributed denial of service (DDoS) botnet payload that conscripts infected machines into a flooding network."
Although the weekly downloads for all npm packages combined only total about 2,600, Münch argued that the real story here is that it shows a new frontier for software development supply chain attacks. More specifically, Shai-Hulud is a prototype for "a new paradigm of automated supply chain attack that weaponizes developer identity and the implicit trust baked into modern CI/CD pipelines."
With Shai-Hulud, typosquatting is only the first stage. A successful Shai-Hulud variant spreads through compromising developer accounts and updating trusted packages with malware. Münch said a wave of worms like this could disrupt the innate trust in these open source ecosystems that developers across the world rely on.
Related:It's Patch Tuesday for Microsoft & Not a Zero-Day In Sight
Adrian Culley, senior sales engineer at SafeBreach, tells Dark Reading that the Shai-Hulud release is less about bravado and more about TeamPCP running a marketing campaign for an access broker business. The malware command-and-control (C2) by default is attached to TeamPCP's infrastructure, for example.
"The open source drop launders attribution behind a wave of copycats, the BreachForums contest is loss-leader pricing to recruit unpaid distribution, and every C2 those contestants stand up still feeds credentials into TeamPCP's monetization pipeline," he says. "The point isn't the worm. The point is to overwhelm defenders while the credentials walk out the back door."
Troubling Implications for Future Worms
This ties into what Münch called the most "uncomfortable detail" about the clones: attackers can apparently swap out the C2 and signing key without much consequence.
"The headline clone, published as chalk-tempalte (a typosquat of the popular chalk-template package), is an almost direct copy of the leaked Shai-Hulud source," he wrote. "The attacker swapped in their own C2 endpoint and their own signing key, did not bother with obfuscation, and shipped it. And it worked."
Related:Worm Redux: Fresh Mini Shai-Hulud Infections Bite Supply Chain
The infostealers on the back end varied between all four packages. One looked identical to the Shai-Hulud open source version, while the other three varied in capabilities. The reason this matters, Mondoo highlighted, is that the various infostealers appear to be "machine-assemnled." Thus, an attacker can spin up multiple payloads and run four different malware packages simultaneously with little effort.
As Culley puts it, defenders were able to beat Shai-Hulud last year because they were chasing one worm at a time. "From here they’re chasing a population — variants with different C2, different keys, different payloads, sharing enough DNA to be dangerous but not enough to share signatures."
According to Mondoo's blog post, turning on three controls in a package manager should neutralize the threat of Shai-Hulud and these clones. Developers should block life cycle scripts by default, enforce a release cooldown, and detect trust downgrades.
"Beyond the package manager, treat your CI/CD pipeline as an attack surface, not a deployment mechanism," Münch wrote. "Audit which dependencies actually need install-time code execution and document why. Rotate any credentials that have been on developer workstations or CI runners that touched the affected packages. And do not assume that because the four packages flagged this week have low download counts, your environment is unaffected. The same techniques are being applied right now by actors who have not been caught yet."
About the Author
Alexander Culafi
Senior News Writer, Dark Reading
Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere.
At Dark Reading, he covers a variety of cybersecurity topics, including the cybercrime ecosystem, open source security, and the intersection between AI and threat actors. In his spare time, Alex hosts the weekly Nintendo podcast, "Talk Nintendo Podcast," and works on personal writing projects, including two previously self-published science fiction novels.
He has received numerous awards, including TechTarget's Writer of the Year in 2022 as well as more than 10 Azbee awards for his reporting between 2022 and today.
Want more Dark Reading stories in your Google search results?
ADD US NOW
More Insights
Industry Reports
How Enterprises Are Developing Secure Applications
Inside RSAC 2026: security leaders reveal the risks redefining your defense strategy
How Enterprises Are Harnessing Emerging Technologies in Cybersecurity
Ditch the Data Center: Understanding Flexible Cloud Infrastructure Security Management
2025 State of Malware
Access More Research
Webinars
How Security Teams should apply Threat Intelligence into their Defenses
Your Guide to Securing AI Adoption in Your Organization
What is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?
The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud Workspace
Prompt Injection Is Just the Start: Securing LLMs in AI Systems
More Webinars
You May Also Like
APPLICATION SECURITY
Supply Chain Attack Secretly Installs OpenClaw for Cline Users
by Rob Wright
FEB 19, 2026
APPLICATION SECURITY
Chinese Hackers Hijack Notepad++ Updates for 6 Months
by Jai Vijayan, Contributing Writer
FEB 02, 2026
APPLICATION SECURITY
Trump Administration Rescinds Biden-Era Software Guidance
by Alexander Culafi
JAN 29, 2026
APPLICATION SECURITY
Microsoft Fixes Exploited Zero Day in Light Patch Tuesday
by Jai Vijayan, Contributing Writer
DEC 09, 2025
Editor's Choice
THREAT INTELLIGENCE
From Stuxnet to ChatGPT: 20 News Events That Shaped Cyber
byDark Reading Editorial Team
MAY 6, 2026
31 MIN READ
CYBER RISK
Physical Cargo Theft Gets a Boost From Cybercriminals
byRobert Lemos
MAY 4, 2026
5 MIN READ
CYBER RISK
NSA Chief During Snowden Affair Shares Regrets, Reflections 13 Years Later
byDark Reading Editorial Team
APR 28, 2026
Want more Dark Reading stories in your Google search results?
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
SUBSCRIBE
LOADING...
RSAC 2026: key news & insights
At RSAC 2026, Dark Reading captured critical intelligence on AI, new attack methods, geopolitics, and much more
Get Your Recap
Webinars
How Security Teams should apply Threat Intelligence into their Defenses
THURS, JUNE 11, 2026 AT 1PM EST
Your Guide to Securing AI Adoption in Your Organization
TUES, JUNE 9, 2026 AT 1PM EST
What is the Right Role for Identity Threat Detection and Response (ITDR) in Your Organization?
WED, JUNE 3, 2026 AT 1PM EST
The New Attack Surface: How Attackers Are Exploiting OAuth to Own Your Cloud Workspace
WED, JUNE 24,2026 AT 1PM EST
Prompt Injection Is Just the Start: Securing LLMs in AI Systems
TUES, MAY 26, 2026, AT 1PM EST
More Webinars
BLACK HAT USA | MANDALAY BAY, LAS VEGAS
The premier cybersecurity event of the year returns to Mandalay Bay with a re‑engineered, six‑day program built to ignite innovation, push boundaries, and bring the global security community together like never before. Use code: DARKREADING to save $200 on a Briefings pass or $100 on a Business pass.
GET YOUR PASS