
Shai-Hulud V2 Poses Risk to NPM Supply Chain

Medium
Published: Wed Dec 03 2025 (12/03/2025, 08:47:16 UTC)
Source: AlienVault OTX General

Description

Shai-Hulud V2 is an advanced malware campaign targeting the npm software supply chain, compromising over 700 npm packages and creating more than 27,000 malicious GitHub repositories. It introduces sophisticated techniques including execution from the package's preinstall lifecycle script, persistent backdoors via self-hosted GitHub Actions runners, credential harvesting and recycling across victims, and a destructive failsafe mechanism. The malware exfiltrates data through GitHub, propagates within the npm ecosystem using harvested publishing credentials, and also targets Azure DevOps build agents. The attack yields persistent remote code execution and widespread credential theft with no user interaction beyond installing a compromised package. European organizations relying on npm packages and GitHub Actions for CI/CD pipelines face significant risks of data breaches, system compromise, and operational disruption. Mitigation requires enhanced supply chain security practices, strict GitHub Actions runner controls, credential hygiene, and proactive monitoring for anomalous activity. Countries with strong software development sectors and high npm usage, such as Germany, France, the UK, and the Netherlands, are particularly exposed. Given its broad impact and advanced persistence mechanisms, the threat severity is assessed as high.

AI-Powered Analysis

AILast updated: 12/03/2025, 11:16:17 UTC

Technical Analysis

Shai-Hulud V2 is the second wave of a malware campaign against the npm ecosystem, a critical component of modern software development. The campaign has compromised over 700 npm packages and generated more than 27,000 malicious GitHub repositories, the footprint of a large-scale supply chain attack. It advances on its predecessor by running its payload from the package's preinstall lifecycle script rather than after installation: npm executes that script during `npm install`, before the legitimate package code is in place, with the privileges of the installing user and, in a CI job, with the pipeline's secrets present in the environment. It establishes persistent backdoor access by registering self-hosted GitHub Actions runners, which gives the attackers remote code execution inside victim environments that outlives removal of the malicious package. It harvests credentials from local systems and CI/CD environments and recycles them across victims to maximize access; stolen npm publishing credentials are also how the campaign propagates, since they allow further packages to be republished with the payload. Exfiltration goes through GitHub infrastructure, where the traffic blends with legitimate developer activity and complicates detection. Dedicated logic targets Azure DevOps build agents, extending the campaign beyond npm and GitHub Actions. A destructive failsafe is embedded that can sabotage an infected environment if the malware is detected or removed. The campaign maps to several MITRE ATT&CK techniques: Command and Scripting Interpreter: JavaScript (T1059.007), Supply Chain Compromise (T1195), Credentials from Password Stores (T1555), and Valid Accounts: Cloud Accounts (T1078.004). No CVE is associated with the campaign; it abuses npm's lifecycle scripts and CI/CD trust relationships rather than a software vulnerability, so patching alone does not address it. The scale and sophistication nonetheless make it a significant threat to software supply chains that rely heavily on npm packages and GitHub Actions for continuous integration and deployment.

Potential Impact

European organizations that depend on npm packages and GitHub Actions for software development and deployment are at risk of widespread compromise. Because the payload executes during the pre-install phase, the developer workstation or build host is compromised at install time, before any of the package's code is ever imported by an application. Persistent backdoors in CI/CD pipelines can lead to prolonged unauthorized access, enabling attackers to steal sensitive data, intellectual property, and credentials. Credential recycling increases the likelihood of lateral movement within and across organizations, amplifying the attack impact. Targeting of Azure DevOps build agents further broadens the attack vector, potentially affecting enterprises using Microsoft's DevOps tools. The destructive failsafe mechanism poses a risk of operational disruption or sabotage if the malware is detected and removed carelessly. This threat could lead to data breaches, loss of customer trust, regulatory penalties under GDPR, and significant remediation costs. The supply chain nature of the attack complicates detection and mitigation, as compromised packages may be widely distributed and trusted by developers.

Mitigation Recommendations

1. Vet and monitor npm packages before they enter a project: pin exact versions with a committed lockfile and install with `npm ci`, compare package contents against the published IOC hashes, and treat any `preinstall`, `install` or `postinstall` script as a review item. Where builds do not need lifecycle scripts, disable them with `npm ci --ignore-scripts` (or `ignore-scripts=true` in `.npmrc`); this also blocks legitimate native-module builds, so test before enforcing.
2. Restrict self-hosted GitHub Actions runners: allow registration only from an approved service identity, use runner groups to limit which repositories may use them, prefer ephemeral runners, and alert on runner registration events in the audit log. Isolate runners from production networks and from secrets they do not need.
3. Enforce multi-factor authentication and short-lived, narrowly scoped credentials (OIDC federation for cloud access, granular npm tokens) so that harvested secrets have little value when recycled against other victims.
4. Continuously monitor CI/CD pipelines and build agents for unexpected outbound connections, new runner or agent registrations, and process execution during dependency installation.
5. Integrate dependency scanning into development workflows so that compromised package versions are caught before merge.
6. Audit and rotate credentials used in CI/CD environments and Azure DevOps, including npm publish tokens, GitHub personal access tokens and cloud keys exposed to build jobs; assume any secret present on an affected host has been harvested.
7. Educate developers and DevOps teams about supply chain risks and encourage reporting of suspicious package behavior.
8. Report malicious packages and repositories to the npm and GitHub security teams promptly so they can be removed.
9. Apply network segmentation and egress filtering on build infrastructure, allow-listing only the registries and services a build legitimately needs; note that exfiltration in this campaign rides on GitHub itself, so filtering must be paired with monitoring of GitHub activity.
10. Maintain an incident response plan for supply chain compromise, including how to identify every host that installed an affected version and how to remove the malware without triggering its destructive failsafe.


Technical Details

Author
AlienVault
TLP
WHITE
References
["https://www.zscaler.com/blogs/security-research/shai-hulud-v2-poses-risk-npm-supply-chain"]
Adversary
Shai-Hulud
Pulse Id
692ff914980b448aea448537
Threat Score
null

Indicators of Compromise

Hash (algorithm inferred from digest length; the pulse gives no per-hash descriptions)

MD5
4d6b9efc22ec229be58b90c7991c02dd
6914d930998108adfc93b7fe1aa3e64e
69e9505a21419e7044d88ad8c341335b

SHA-1
91429fbfef99fa52b6386d666e859707a07844b2
d1829b4708126dcc7bea7437c04d1f10eacd4a16
d60ec97eea19fffb4809bc35b91033b52490ca11

SHA-256
62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0
9d59fd0bcc14b671079824c704575f201b74276238dc07a9c12a93a84195648a
a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a

Threat ID: 69301885e1f6412a905ea615

Added to database: 12/3/2025, 11:01:25 AM

Last enriched: 12/3/2025, 11:16:17 AM

Last updated: 12/5/2025, 3:10:48 AM

