Ongoing Supply Chain Attack Targets CrowdStrike npm Packages

Socket identified multiple compromised CrowdStrike npm packages appearing as part of the ongoing "Shai-Hulud" supply chain attack campaign. This campaign previously affected Tinycolor and over 40 other packages.

---

Attack Details

The attack involves malicious npm packages published from the crowdstrike-publisher npm account. The malware payload includes a bundle.js script that:

- Downloads and runs TruffleHog, a legitimate secret scanning tool.
- Searches host systems for tokens and cloud credentials.
- Validates discovered developer and CI credentials.
- Creates unauthorized GitHub Actions workflows in repositories.
- Exfiltrates sensitive data to a hardcoded webhook endpoint (hxxps://webhook[.]site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7).

A GitHub Actions workflow file named shai-hulud.yaml is deployed for persistence; the name references "Shai-Hulud," the sandworm from Dune. Thousands of public GitHub repositories named "Shai-Hulud Migration" appeared, likely created by attacker automation for staging persistence.

---

Malware Behavior and Impact

The malicious script targets environment variables such as GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, and AWS_SECRET_ACCESS_KEY. It validates npm tokens using the whoami endpoint and interacts with GitHub APIs using whatever tokens it finds. It also attempts cloud metadata discovery to gather temporary credentials on cloud build agents. Once the workflow is committed, future CI runs can leak secrets through the pipeline. The npm registry has been removing affected packages quickly.

---

Compromised Packages & Versions

The list of affected npm packages is extensive and spans several namespaces, including:

- @crowdstrike/
- @art-ws/
- @ctrl/
- @nativescript-community/
- @operato/
- @teselagen/
- @things-factory/
- @tnf-dev/
- @nstudio/
- @yoobic/
- among others

Packages span numerous versions, with hundreds of compromised versions identified. The attack surface continues to grow; ongoing updates are planned.
---

Immediate Guidance

- Uninstall affected packages, or pin them to known-good versions until fixed versions are verified.
- Audit environments (CI/CD agents, developer machines) that installed these versions for signs of credential compromise or unauthorized publishes.
- Rotate npm tokens and other secrets if an environment with publishing rights was exposed.
- Monitor logs for unusual npm publish or package modification events.

---

Timeline (UTC)

Sep 14, 2025
- 17:58: First observed compromised packages (several initial packages).
- 20:29–20:45: First large burst of 25+ compromised packages.
- 21:01–21:03: Additional burst (~17 packages).

Sep 15, 2025
- Multiple bursts with different payload hashes; more than 150 packages compromised across the day.

Sep 16, 2025
- 01:14: Largest single burst (nearly 100 CrowdStrike packages).
- Other bursts targeting mostly @operato/ packages.
- Several hashes reused from previous bursts.

---

Indicators of Compromise

- bundle.js SHA-256: 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09
- Exfiltration webhook endpoint: hxxps://webhook[.]site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7
- Multiple SHA-256 hashes of malicious payload batches are listed in the full report.

---

Additional Information

A full technical analysis and remediation guidance will be published as investigations continue. This attack demonstrates the serious threat posed by compromised supply chain components in software development ecosystems.
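The audit step in the guidance above and the indicators listed can be turned into a repeatable check. The script below is an added example, not Socket's tooling: it walks a checkout or CI workspace and reports the three file-level indicators the advisory names (a bundle.js whose SHA-256 matches the published hash, a `.github/workflows/shai-hulud.yaml` file, and any text file carrying the exfiltration webhook path, live or defanged), plus every package-lock.json entry that falls in one of the affected npm scopes so it can be compared against the full version list. The affected namespaces and IoC values come from the advisory; the sample project tree, the package name `@crowdstrike/placeholder-package`, its version, and the bundle.js contents are constructed for the demonstration and are not real artifacts.

```python
"""Added example (not Socket's code): audit a checkout or CI workspace for the
Shai-Hulud indicators quoted in the advisory."""
import hashlib
import json
import os
import re
import tempfile

# Indicators taken from the advisory (the webhook is kept defanged).
BUNDLE_JS_SHA256 = "46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09"
WORKFLOW_NAME = "shai-hulud.yaml"
AFFECTED_SCOPES = ("@crowdstrike/", "@art-ws/", "@ctrl/", "@nativescript-community/",
                   "@operato/", "@teselagen/", "@things-factory/", "@tnf-dev/",
                   "@nstudio/", "@yoobic/")
# Matches the webhook path whether it appears live ("webhook.site") or defanged ("webhook[.]site").
WEBHOOK_RE = re.compile(r"webhook\[?\.\]?site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7")
TEXT_EXTS = (".js", ".cjs", ".mjs", ".json", ".yaml", ".yml")


def sha256_of(path):
    """Stream a file through SHA-256 so large bundles do not have to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def scoped_packages(lock_path):
    """Return sorted (name, version) pairs for lockfile entries in an affected scope.
    Handles the v2/v3 "packages" map (keyed by node_modules path) and the v1 "dependencies" map."""
    with open(lock_path) as f:
        lock = json.load(f)
    entries = {}
    for key, meta in lock.get("packages", {}).items():
        if key:  # "" is the root project itself
            entries[key.rsplit("node_modules/", 1)[-1]] = meta.get("version")
    for name, meta in lock.get("dependencies", {}).items():
        entries.setdefault(name, meta.get("version"))
    return [(n, v) for n, v in sorted(entries.items()) if n.startswith(AFFECTED_SCOPES)]


def scan_tree(root, ioc_hashes=frozenset({BUNDLE_JS_SHA256})):
    """Walk `root` and return findings as dicts with "kind", "path" and "detail" keys."""
    findings = []
    for dirpath, _, files in os.walk(root):
        in_workflows = dirpath.replace(os.sep, "/").endswith(".github/workflows")
        for fname in files:
            path = os.path.join(dirpath, fname)
            if fname == "bundle.js":
                digest = sha256_of(path)
                if digest in ioc_hashes:
                    findings.append({"kind": "bundle_hash", "path": path, "detail": digest})
            if in_workflows and fname == WORKFLOW_NAME:
                findings.append({"kind": "workflow_name", "path": path, "detail": fname})
            if fname == "package-lock.json":
                for name, version in scoped_packages(path):
                    findings.append({"kind": "scoped_package", "path": path,
                                     "detail": f"{name}@{version}"})
            if fname.endswith(TEXT_EXTS) and os.path.getsize(path) < 5_000_000:
                with open(path, errors="ignore") as f:
                    if WEBHOOK_RE.search(f.read()):
                        findings.append({"kind": "webhook_url", "path": path,
                                         "detail": "exfiltration webhook path present"})
    return findings


def build_sample_tree():
    """Construct a throwaway project tree that makes each detector fire (every file is made up).
    Returns the tree root and the SHA-256 of the constructed bundle.js, which of course does not
    equal the advisory's hash; pass it in via `ioc_hashes` to exercise the hash-match path."""
    root = tempfile.mkdtemp(prefix="shai-hulud-audit-")
    pkg_dir = os.path.join(root, "node_modules", "@crowdstrike", "placeholder-package")
    wf_dir = os.path.join(root, ".github", "workflows")
    os.makedirs(pkg_dir)
    os.makedirs(wf_dir)
    bundle = os.path.join(pkg_dir, "bundle.js")
    with open(bundle, "w") as f:
        f.write('// constructed stand-in, not the real payload\n'
                'const sink = "hxxps://webhook[.]site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7";\n')
    with open(os.path.join(wf_dir, WORKFLOW_NAME), "w") as f:
        f.write("name: Shai-Hulud\non: push\njobs: {}\n")
    with open(os.path.join(root, "package-lock.json"), "w") as f:
        json.dump({"lockfileVersion": 3, "packages": {
            "": {"name": "sample-app"},
            "node_modules/lodash": {"version": "4.17.21"},
            "node_modules/@crowdstrike/placeholder-package": {"version": "0.0.0-constructed"},
        }}, f)
    return root, sha256_of(bundle)


if __name__ == "__main__":
    sample_root, sample_hash = build_sample_tree()
    for finding in scan_tree(sample_root, ioc_hashes={BUNDLE_JS_SHA256, sample_hash}):
        print(f"{finding['kind']:15} {finding['path']}  {finding['detail']}")
```

Run it against a real workspace with `scan_tree("/path/to/checkout")`; the default hash set contains only the advisory's bundle.js hash, so a `bundle_hash` finding there means the published payload is present. A `scoped_package` finding is not on its own proof of compromise, since the scopes also contain clean versions; it is the list to check against the full compromised-version table before deciding what to pin or uninstall.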