The Register

Shai-Hulud worm returns, belches secrets to 25K GitHub repos

Self-propagating malware targeting the npm registry for Node.js packages is back for a second round, according to Wiz researchers, who say that more than 25,000 developers had their secrets compromised within three days.

The affected packages include those provided by Zapier, AsyncAPI, ENS Domains, PostHog, and Postman, several of which have thousands of weekly downloads.

The campaign, dubbed “Shai-Hulud” for the frequent references to the Dune worm in the published data, first emerged in September.

The wormable malware spread via compromised npm packages. Once installed, it scanned infected hosts for AWS, GCP, Azure, and GitHub credentials and published them to the victims’ own GitHub repositories.

Wiz said the latest attacks, possibly launched by separate criminals, operate similarly to the first – scanning infected machines for secrets which the malware then publishes to victims’ own repositories.

As of November 24, more than 25,000 repositories had published their owners’ secrets, and 1,000 more were being added every 30 minutes over “the last couple of hours,” Wiz said on Monday morning.

GitHub is actively deleting compromised repos, but the pace at which the worm is spreading makes cleanup a challenge.

The attack borrows much from the infection chain of the initial September variant. The attackers gain access to npm maintainer accounts and publish trojanized versions of their packages, so the malicious releases appear to come from the legitimate maintainer.

Developers then unwittingly download and run the malicious code, which backdoors their machines, scans for credentials and CI/CD secrets, and publishes what it finds to the user’s own repositories.

One notable difference in Shai-Hulud 2.0, as Wiz is calling it, is that the malicious code is executed during the pre-install phase, i.e. as an npm lifecycle hook that fires during `npm install`, before any of the package’s own code is imported. The researchers warned that this could “significantly” increase potential exposures in build and runtime environments.

The attacks began on November 21 and the attackers – identity unknown – had trojanized affected npm packages by November 23.

The most obvious giveaway that the latest worm activity has affected you is a new repository in your GitHub account with “Shai-Hulud” in its description, but Wiz also provided various other indicators of compromise (IoCs) in its writeup.

It said security teams should clear the npm cache and roll back dependencies to versions published before November 21.

They should also rotate their credentials, manually hunt for signs of compromise (new repos, suspicious commits referencing “hulud,” and new npm publications), and harden development pipelines.

Fresh supply chain attacks targeting the npm registry have been discovered frequently over the past year, at times affecting hundreds of thousands of packages.

Following the first Shai-Hulud attacks, which infected more than 500 packages in total and forced GitHub to scour its users’ repos for exposed secrets, the development platform announced a tightening of security around npm.

It responded by overhauling authentication, for example switching 2FA from time-based one-time passwords to a FIDO-based method, deprecating legacy classic tokens, and making other similar changes.

Npm itself also announced that it would disable classic token creation, and all existing classic tokens will be revoked on December 9. ®
