CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership May 19, 2026

600+ npm Packages Compromised in New Mini Shai-Hulud Supply Chain Attack

Cybersecurity News Archived May 19, 2026 ✓ Full text saved

A sophisticated npm supply chain campaign dubbed Mini Shai-Hulud has claimed over 600 package versions overnight, with security researchers at Socket and Endor Labs identifying 639 compromised package versions across 323 unique packages in the latest wave. The bulk of the activity targeted the @antv ecosystem, alongside packages under @lint-md, @openclaw-cn, and @starmind scopes. Malicious […] The post 600+ npm Packages Compromised in New Mini Shai-Hulud Supply Chain Attack appeared first on Cyb

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security 600+ npm Packages Compromised in New Mini Shai-Hulud Supply Chain Attack By Guru Baran May 19, 2026 A sophisticated npm supply chain campaign dubbed Mini Shai-Hulud has claimed over 600 package versions overnight, with security researchers at Socket and Endor Labs identifying 639 compromised package versions across 323 unique packages in the latest wave. The bulk of the activity targeted the @antv ecosystem, alongside packages under @lint-md, @openclaw-cn, and @starmind scopes. Malicious publish activity began at approximately 01:56 UTC on May 19, 2026, continuing until 02:56 UTC. Socket’s detection systems flagged most activity within 6 to 12 minutes of publication, with a median detection time of 6.7 minutes. Endor Labs independently observed 42 malicious packages between 01:39 and 02:06 UTC, tracing the campaign’s origin to two long-dormant packages: jest-canvas-mock and size-sensor, neither of which had been published in over three years. Across the full Mini Shai-Hulud campaign tracked to date, researchers have confirmed 1,055 compromised versions across 502 unique packages, spanning npm (1,048 versions), PyPI (6 versions), and Composer (1 version). 600+ npm Packages Compromised The injected payload operates at install time via a preinstall lifecycle hook: json"preinstall": "bun run index.js" A root-level index.js file, heavily obfuscated using a string-array lookup table and a custom decryptor exposed through globalThis, executes automatically upon package installation. The payload exfiltrates stolen data to a hardcoded HTTPS endpoint: https://t[.]m-kosche[.]com:443/api/public/otel/v1/traces. Collected data is gzip-compressed, AES-256-GCM encrypted, and the AES key is wrapped with RSA-OAEP/SHA-256 before transmission — a layered approach designed to prevent plaintext recovery from network telemetry. The payload aggressively targets developer and CI/CD environments, harvesting: GitHub tokens, npm tokens, and AWS credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN) Kubernetes service account material (KUBECONFIG, KUBERNETES_SERVICE_HOST) Vault tokens (VAULT_TOKEN, VAULT_AUTH_TOKEN) SSH/private keys, Docker auth files, and database connection strings The malware contains explicit logic for 18+ CI/CD platforms, including GitHub Actions, GitLab CI, CircleCI, Jenkins, Azure DevOps, AWS CodeBuild, Vercel, Netlify, and Cloudflare Pages. If a usable GitHub token is obtained, the payload creates repositories under the victim’s account and commits stolen data into a results/results-<timestamp>-<counter>.json path. Public GitHub searches currently reveal approximately 1,900 attacker-created repositories using the reversed campaign marker niagA oG eW ereH :duluH-iahS (decoding to “Shai-Hulud: Here We Go Again”) with Dune-themed repository names such as sayyadina-stillsuit-852 and atreides-ornithopter-112. The repository Zaynex/sayyadina-stillsuit-852 has been confirmed as an active exfiltration staging repo. The worm also abuses stolen npm tokens to enumerate maintainable packages, inject the payload, bump version numbers, and republish, enabling self-propagation across the npm ecosystem under legitimate maintainer identities. Endor Labs highlighted three novel behaviors in this wave: Sigstore abuse: The worm now calls Fulcio and Rekor at runtime to obtain valid signing certificates and transparency log entries, causing provenance tooling to display a green badge despite the malicious build chain Dormant account targeting: Packages like jest-canvas-mock, size-sensor, and timeago.js (dormant for 3–10 years) were used as entry points, as older accounts attract less scrutiny Single-token namespace takeover: At least 37 @antv/* packages are confirmed malicious, consistent with a single stolen token holding publish rights across the entire namespace Indicators of Compromise Type Indicator C2 Endpoint t[.]m-kosche[.]com:443/api/public/otel/v1/traces GitHub Marker niagA oG eW ereH :duluH-iahS Repo Pattern <dune-word>-<dune-word>-<digits> Exfil Path results/results-*.json Key Secret Targets GITHUB_TOKEN, AWS_ACCESS_KEY_ID, VAULT_TOKEN, KUBECONFIG Mitigations Audit all recently updated @antv/*, @lint-md, @openclaw-cn, and @starmind packages immediately Rotate any GitHub tokens, npm tokens, AWS credentials, and Vault tokens exposed in CI/CD environments Do not rely solely on Sigstore provenance badges as indicators of package integrity Monitor npm install logs for unexpected preinstall scripts invoking bun Block outbound connections to t[.]m-kosche[.]com at the network perimeter Socket and Endor Labs have both published detailed advisories; here is the list of affected packages. Organizations running affected packages should treat any exposed credentials as fully compromised and initiate incident response procedures immediately. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Guru Baranhttps://cybersecuritynews.com Gurubaran KS is a cybersecurity analyst, and Journalist with a strong focus on emerging threats and digital defense strategies. He is the Co-Founder and Editor-in-Chief of Cyber Security News, where he leads editorial coverage on global cybersecurity developments. Trending News JDownloader Website Compromised to Distribute Malicious Windows and Linux Installers Top 10 Best Data Loss Prevention Software in 2026 Hackers Abuse Legitimate HWMonitor Binary to Load Malicious DLL Payload Critical WordPress Plugin Vulnerability Exposes Websites to Authentication Bypass Attacks Multiple cPanel Vulnerabilities Allows Access to Sensitive System Resources Latest News Botnet Hackers Hijacking Four-Faith Industrial Routers for Botnet Activity Cyber Security News Compromised GitHub Action Exfiltrates Workflow Credentials to Attacker Domain Cyber Security News Critical Apache Flink Vulnerability Enables Remote code execution Attacks Cyber Security News Microsoft Edge Stops Loading Saved Passwords Into Memory at Startup Cyber Security News Attackers Use Cloudflare Storage Endpoint to Exfiltrate Files From Compromised Networks
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    May 19, 2026
    Archived
    May 19, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗