The Mini Shai-Hulud supply chain attack compromised the NPM maintainer account 'atool', which manages multiple packages in the @antv namespace. Attackers published 639 malicious package versions that include install-time payloads triggering multi-stage infection chains. These payloads harvest CI/CD secrets from GitHub Actions runner memory and credentials from over 130 file paths related to cloud providers, Kubernetes, HashiCorp Vault, cryptocurrency wallets, and developer tools. The stolen data is exfiltrated through GitHub repositories and fallback servers. The malware also abuses NPM registry APIs to validate tokens, enumerate maintainable packages, inject malicious code, and republish infected packages under the compromised maintainer's identity. Unlike prior campaigns, this attack downloads and executes Python code for ongoing remote execution and drops persistent backdoors. The campaign spans multiple ecosystems but is predominantly focused on NPM. The attack is attributed to the hacking group TeamPCP. No patch or vendor advisory is referenced in the provided data.

The attack compromises the integrity of over 320 NPM packages, including popular ones with millions of weekly downloads, potentially affecting a broad range of applications and CI environments. It enables attackers to steal sensitive credentials and secrets from CI/CD pipelines and cloud environments, achieve persistence on infected systems, and maintain remote code execution capabilities. The supply chain compromise can propagate malicious code downstream to dependent projects, increasing the attack surface. The campaign also impacts GitHub Actions and VS Code extensions, further broadening potential exposure. No known exploits in the wild are reported yet, but the scale and sophistication indicate a significant medium-level threat to software supply chain security.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Organizations using packages from the @antv namespace or related affected ecosystems should monitor official advisories from package maintainers and security researchers. Immediate mitigation steps include auditing dependencies for suspicious versions, removing or replacing compromised packages, and rotating any exposed credentials or secrets in CI/CD and cloud environments. Given the attack's ability to exfiltrate secrets and persist, affected environments should be thoroughly investigated for signs of compromise. Vendors managing package registries and CI/CD platforms should be consulted for updates and protective measures.