ctrl/tinycolor and 40+ NPM Packages Compromised --- Executive Summary The popular NPM package @ctrl/tinycolor (2+ million weekly downloads) and over 40 other NPM packages have been compromised in a sophisticated supply chain attack. The malware features: Self-propagation: It infects downstream packages recursively. Credential harvesting: AWS, GCP, Azure credentials using TruffleHog. Persistence: Inserts GitHub Actions backdoors to exfiltrate secrets. Targeted environments: Linux/macOS (not Windows). Compromised versions have been removed from npm. The attack was discovered and reported promptly on GitHub. --- Technical Analysis The attack is a multi-stage, sophisticated modular JavaScript payload (~3.6MB minified bundle.js) triggered asynchronously during npm install via a hijacked postinstall script. Key Components: Self-Propagation Engine Uses NpmModule.updatePackage to query maintainer's packages and force-publish patched malicious versions, leading to widespread ecosystem infection. Credential Harvesting Uses TruffleHog to scan filesystem for secrets with high entropy. Scans environment variables, capturing tokens such as GITHUBTOKEN, AWSACCESSKEYID. Interacts with cloud SDK APIs to enumerate secrets in: AWS Secrets Manager via paginated API calls. Google Cloud Platform Secret Manager. Azure credentials and cloud metadata endpoints. NPM authentication tokens. Persistence Mechanism Injects a malicious GitHub Actions workflow file (.github/workflows/shai-hulud-workflow.yml) through a base64-encoded bash script. This workflow triggers on every push and exfiltrates repository secrets to a C2 endpoint. Manipulates GitHub branches (refs/heads/shai-hulud) to ensure persistence. Data Exfiltration Collects data into a JSON payload. Creates a public GitHub repo Shai-Hulud to upload stolen credentials for attacker access. Environment Targeting Specifically checks for Linux or macOS (via os.platform()) to execute, skipping Windows systems. --- Attack Mechanism Overview Injected JavaScript bundle uses Webpack chunks for modular organization of OS reconnaissance, cloud API calls, and propagation. Six core modules handle steps like system info gathering, credential harvesting for AWS/GCP, filesystem scanning, NPM propagation, and GitHub backdoor establishment. Modules Highlights: OS Recon ([Module 71197]) Gathers system profile, environment variables including credentials. AWS Credential Harvesting ([Module 56686]) Uses STS AssumeRoleWithWebIdentityCommand, lists secrets with AWS SDK, handles errors silently. GCP Secret Manager ([Module 9897]) Lists secrets, paginates results, silently ignores permission errors. Filesystem Secret Scan ([Module 94913]) Runs TruffleHog command to detect secrets on filesystem. NPM Propagation ([Module 40766]) Validates NPMTOKEN, fetches maintainer packages, patches and publishes malware recursively. GitHub Backdoor ([Module 82036]) Authenticates with GitHub API, injects the malicious workflow to extract repository secrets. --- GitHub Backdoor Bash Script (Summary) Defines GITHUBTOKEN and malicious workflow details. Workflow triggers on any push, exfiltrates secrets via a webhook (https://webhook.site/...). Creates or updates a branch (shai-hulud) and commits the workflow file. Ensures persistence and ongoing secrets exfiltration. --- Indicators of Compromise (IoCs) GitHub Search Queries Find malicious workflow in your org: org:ACME path:**/shai-hulud-workflow.yml type:code Detect malicious branches (shai-hulud):