
Copycat hackers are competing to win $1,000 for the largest supply chain attack using Shai-Hulud, an open-sourced worm that has brought down a few major open-source projects. Malicious NPM packages are already appearing with nearly identical code, and researchers warn that this is only the beginning.
Another threat actor has joined the malicious supply chain campaigns, and 4 more malicious packages have been detected on NPM (Node Package Manager), the world’s largest open-source software registry for JavaScript.
Cybercriminals are competing to pull off the largest supply chain attack using Shai-Hulud. This worm has been wreaking havoc on NPM and other repositories since last year, and it has now been open-sourced.
TeamPCP, the mastermind behind many recent supply chain attacks and the creator of the malware, posted a $1,000 contest for the biggest supply chain attack.
“For the people upset the prize is ‘too small,’ … we will purchase all meaningful access from you harvested from your campaigns/give you a large percentage of the ransoms/sales through our monetization network,” TeamPCP said in a post on BreachForums.
The four detected NPM packages published by a new threat actor are all newly created fakes, not compromised legitimate ones. Still, developers, tricked by typosquatted names, downloaded them at least 2,678 times.
“Anyone installing any of the malicious packages, on any version, is directly affected,” Ox Security warns in a new report on TeamPCP copycats.
“It’s just the first phase of an upcoming wave of supply chain attacks coming.”
New hackers adopting the malware
The “contestants” are experimenting with different types of malware, as each of the 4 packages posted by the same unknown attacker contains different infostealers, including one DDoS botnet package.
The packages mimic popular NPM packages, such as axios-utils and chalk-templates, or pretend to be generic, useful tools. Attackers swapped letters in the names and added random strings to publish them.
One of the malicious packages, “chalk-tempalte,” was a nearly exact copy of Shai-Hulud with no obfuscation techniques added. The attackers used an open-source malware version previously posted on GitHub, but updated it with their own command and control server and credentials.
Cybernews previously reported that this malware is capable of checking over 100 hardcoded paths and exfiltrating secrets, crypto wallets, and account credentials, which are later used to spread it further by publishing new malicious packages.
“The 4 malwares are inherently different, as the collected data varies between them, including exfiltrated IP addresses, Cloud configurations, crypto wallets, environment variables, and even one malware turning the victim’s machine into a DDoS botnet – all from the same npm user,” the Ox Security researchers said.
Other malicious packages leveraged different malware, as follows:
- @deadcode09284814/axios-util: a straightforward infostealer that sends SSH keys, environment variables, and cloud credentials to an attacker-controlled server.
- axois-utils: runs a local DDoS botnet service written in Go that persists even after the malicious npm package is deleted, and floods its target with HTTP, TCP, UDP, and reset (RST) requests.
- color-style-utils: another straightforward infostealer with no obfuscation or hiding techniques, collecting user IPs, geolocation, and crypto wallets.
The hackers are using generative AI to code malware for different purposes and different types of data targeted.
All 4 packages were uploaded within a 24-hour window. The researchers urge anyone who might’ve pulled them to uninstall the malicious packages, delete any related configurations, rotate credentials and keys, and check repositories for potential compromise.
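One way to run the last of those checks over a project manifest, as an added example that is not code from Cybernews or Ox Security: it flags the four package names the report lists and, as a heuristic, any dependency whose name sits within two edits (including a swapped letter pair) of a popular package without being that package. The popular-name list and the sample manifest are constructed for illustration.

```javascript
// Added example: audit a package.json dependency map for the packages named in
// the Ox Security report and for lookalike (typosquat) names of popular packages.
// KNOWN_MALICIOUS holds the names the report lists; POPULAR is an assumed,
// deliberately short reference list, not a complete allowlist.
const KNOWN_MALICIOUS = new Set([
  'chalk-tempalte',
  '@deadcode09284814/axios-util',
  'axois-utils',
  'color-style-utils',
]);
const POPULAR = ['axios', 'chalk', 'chalk-template', 'axios-utils', 'chalk-templates'];

// Optimal string alignment distance: insert/delete/substitute plus adjacent
// transposition, so swapped letters such as "axois" vs "axios" cost one edit.
function osaDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, () => new Array(b.length + 1).fill(0));
  for (let i = 0; i <= a.length; i++) d[i][0] = i;
  for (let j = 0; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns one finding per suspicious dependency: exact hits on the reported
// names first, then names close to a popular package but not equal to it.
function auditDependencies(deps) {
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (KNOWN_MALICIOUS.has(name)) {
      findings.push({ name, reason: 'listed in Ox Security report' });
      continue;
    }
    const bare = name.includes('/') ? name.split('/')[1] : name; // drop @scope
    if (POPULAR.includes(bare)) continue; // the genuine package, not a lookalike
    const near = POPULAR.find((p) => osaDistance(bare, p) <= 2);
    if (near) findings.push({ name, reason: `lookalike of ${near}` });
  }
  return findings;
}

// Constructed sample manifest mixing legitimate and suspicious names.
const SAMPLE_DEPS = { axios: '^1.6.0', chalk: '^5.3.0', 'axois-utils': '1.0.0', '@evil-scope/chalk-tempalte': '0.0.1' };
console.log(auditDependencies(SAMPLE_DEPS));
```

Feed it the `dependencies` and `devDependencies` objects of a real package.json; a lookalike hit is a prompt to inspect the package, not proof of compromise.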
“Threat actors are getting even more motivated to conduct supply chain and typo-squatting, as attacks become easier to perform with the Shai-Hulud code becoming open source,” OX Security warns.
Just last week, TeamPCP, in collaboration with Shai-Hulud, compromised TanStack, Mistral, and other major NPM projects and released over 400 malicious NPM packages. Shai-Hulud is a reference to the giant sandworms in the “Dune” novels by Frank Herbert. The malware first appeared in late 2025 and has been wreaking havoc on open source repositories since then.
TeamPCP’s months-long supply chain campaigns span multiple ecosystems, including GitHub, npm, OpenVSX, PyPI, and Docker Hub.