Shai-Hulud 2.0 Exposed Hundreds Of Thousands Of Developer Secrets
The discovery of a malware campaign called Shai-Hulud 2.0 has drawn widespread attention across the cybersecurity world, not only because it affected a large number of people, but also due to its unusual spread.
Although the name sounds like something from science fiction, the threat remains very real. It directly targeted the tools that software developers use every day, and in doing so, exposed as many as 400,000 secrets, including login tokens and access keys stored on developers' computers.

To understand why Shai-Hulud 2.0 matters, it helps to look first at where it operated. JavaScript, one of the most widely used programming languages, powers a large share of the Internet, and JavaScript developers rely heavily on NPM, a large online package registry from which they download reusable software components, called packages, that their applications need to run.
These packages can encompass everything from basic design tools to advanced frameworks. Most developers trust these packages completely because they come from a community-driven ecosystem. However, this trust is exactly what Shai-Hulud 2.0 sought to undermine.
Shai-Hulud 2.0 hid itself inside legitimate-looking NPM packages, and once a victim installed the package, the malware triggered automatically. This occurred even before the installation finished, giving developers no time to notice anything suspicious.
The malware then abused TruffleHog, a legitimate secret-scanning tool originally built for security teams, to search the victim's computer for sensitive information. This included cloud access keys, GitHub tokens, environment variables, and other secrets developers use in their workplace or personal projects. In total, researchers estimated that the malware leaked 400,000 secrets in this manner.
What made Shai-Hulud 2.0 especially troubling was its ability to spread independently. If it found a developer's NPM login token—a special code used for authentication—it logged into their NPM account and published malicious versions of their other packages.
In other words, the malware used its victims to infect more victims. This cascading effect created a worm-like chain reaction across the ecosystem, compromising hundreds of packages (software components) and potentially affecting millions of downstream users.
Investigators also found something far stranger. Instead of quietly sending stolen secrets to some hidden server, Shai-Hulud 2.0 uploaded them to new GitHub repositories it created in the victims' own accounts.
As a result, developers discovered entire repositories of their own credentials appearing without their knowledge. In total, researchers estimate that attackers created approximately 30,000 such GitHub repositories before the campaign was halted.
Many of the leaked secrets remained valid long after researchers discovered the attack, allowing attackers to continue using them if victims did not reset their credentials promptly.
In rare situations, when the malware was unable to upload stolen secrets or log in properly, it included code that attempted to delete the user's entire home directory. For many developers, this directory holds their projects, tools, and configuration files. This destructive capability increased the attack's danger.
Security firms that analyzed the incident described Shai-Hulud 2.0 as one of the most damaging supply chain attacks ever seen in the NPM ecosystem. The attack highlighted serious weaknesses in the systems and habits many developers rely on daily.
How Shai-Hulud First Emerged
Shai-Hulud 2.0 did not emerge from nowhere. It was actually a follow-up to the first Shai-Hulud attack, which took place only months earlier. The original campaign affected around 187 NPM packages and followed a similar pattern: it spread through developer accounts by stealing credentials and republishing infected code.
The first attack injected malicious JavaScript into packages, allowing the malware to scan for sensitive information with every installation. It then used any stolen NPM tokens to publish additional malicious packages, which spread rapidly. Although this wave was smaller, it demonstrated how a single compromised account can infect the ecosystem.
The threat of supply chain attacks on NPM had already been rising for years. Shai-Hulud was not the first major incident in 2025. Earlier that year, attackers used a clever phishing email to compromise the account of a maintainer responsible for widely downloaded packages, such as chalk and debug.
These are not small projects; they receive billions of downloads every week. When the attacker gained access, they quickly published malicious versions of these packages. The packages were downloaded worldwide before security teams became aware of them.
Instead of stealing secrets, the attack attempted to hijack cryptocurrency transactions. The malware monitored for signs that users were interacting with digital wallets in their web browsers and then attempted to redirect funds to the attacker. Although the malicious versions were removed quickly, the incident demonstrated how easily a single compromised maintainer could poison large parts of the JavaScript ecosystem.
Over the following months, more malicious packages appeared, often uploaded under fake names or under names that were misspellings of popular packages (typosquatting). Security firms have noted a nearly 50% rise in malicious NPM packages compared to the previous year. These developments, along with the first Shai-Hulud outbreak, set the stage for the more damaging second wave.
To mitigate the risk of future attacks, developers and organizations must implement several practical measures. These are among the most effective:
- Enable strong multifactor authentication (MFA) on NPM, GitHub, and cloud accounts to prevent attackers from stealing accounts through phishing or login theft.
- Maintain an up-to-date Software Bill of Materials (SBOM), which is a list of all software components and dependencies, for each project to track dependencies and quickly identify compromised packages.
- Regularly scan code and build processes for unusual or suspicious activity, especially install scripts that trigger before or after packages are installed.
- Revoke and rotate all sensitive tokens and keys immediately if a malicious package is discovered in a project.
- Limit CI/CD pipeline permissions and avoid allowing automated processes to install packages with powerful pre-installation scripts.
Shai-Hulud 2.0 serves as a stark reminder that supply chain attacks are now a common occurrence. By compromising trusted NPM packages, attackers exploit the foundation of the open-source ecosystem.
Although these attacks may seem remote to end users, they impact numerous apps and services. For developers, they underscore the urgent need to secure accounts, review dependencies, and improve software visibility.
Karolis Liucveikis
Experienced software engineer, passionate about behavioral analysis of malicious apps
Author and general operator of PCrisk's News and Removal Guides section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over 8 years working in this branch. He attended Kaunas University of Technology and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications.
PCrisk security portal is brought by a company RCS LT.
Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.
Our malware removal guides are free. However, if you want to support us you can send us a donation.