
The Shai-Hulud supply chain attack campaign, already responsible for compromising hundreds of CrowdStrike’s NPM packages in September, is back with a vengeance, according to a new warning by the folks at Aikido Security.
A new version of the self-propagating Shai-Hulud worm – apparently “named after the gigantic sandworms from Dune as part of the attacker's flair for theatrics” – is wreaking havoc, once again, across several developer environments, Aikido malware researcher Charlie Eriksen wrote in a security blog posted on Monday.
This time, the latest round of victims claimed in the attacks include Zapier, ENS, AsyncAPI, PostHog, and Postman, whose packages have now been infected with malicious code, the cybersecurity firm states, providing a timeline of recently unfolding events.
🚨 @zapier Has been compromised on NPM
Aikido Security (@AikidoSecurity), November 24, 2025
Multiple packages on NPM belonging to Zapier have been infected by the same threat actors behind the Shai Hulud attack last month.
Packages compromised so far
- zapier-platform-core
- zapier-platform-cli
- zapier-platform-schema
-…
Ensar Seker, CISO at SOCRadar, says the Shai-Hulud campaign marks a dramatic escalation in software supply-chain threats. "This isn't a typical 'package compromise'; it's a worm embedded into the dev supply chain."
"Attackers have shifted from targeting compiled binaries and runtime environments toward the very processes developers use to build and ship software," Seker points out, adding that even organizations that don't use npm are still at risk.
"Unlike earlier attacks that compromised only a handful of packages or relied on drop-in malicious dependencies, this self-propagating malware abuses developer workflows, steals developer/CI/CD credentials, publishes them to public GitHub repositories, and then uses those credentials to infect additional packages," Seker explains.
"The attacker turns every infected developer workstation and CI runner into a distribution node. Even downstream dependencies or dev toolchains can become the launch pad," he says.
Escalating campaign started months ago
Allegedly contained on September 24th, the original Shai-Hulud attack had compromised over 500 widely used npm packages, prompting GitHub (which owns npm, the Node package manager for JavaScript, including the npm registry and the npm CLI) to enforce stricter authentication for publishing packages.
The attacks also spurred a September warning from the US Cybersecurity and Infrastructure Security Agency (CISA) urging developers to comb through systems for affected packages, immediately delete all compromised developer credentials, check for malicious leftovers, and more.
According to the Aikido post-mortem, attackers spent 74 days hiding malicious triggers inside GitHub Actions workflows (i.e., PostHog, AsyncAPI, and Postman) before pulling them all at once.
"If a developer installs one of the bad packages, the malware quietly runs during installation, before anything even finishes installing," Eriksen explains. This gives it access not just to the developer's machine but also to the build systems or cloud environment, the security researcher says.
“It then uses an automated tool (TruffleHog) to search for sensitive information like passwords, API keys, cloud tokens, and GitHub or NPM credentials,” rounding out the attack.
What’s more, Eriksen also reminds developers that if the “stolen secrets include access to code repositories or package registries,” the attack can penetrate more layers, and even replicate further.
The 'Second Coming'
The Shai-Hulud worm is known to automatically scan infected environments for sensitive credentials, especially GitHub Personal Access Tokens and, as mentioned previously, application programming interface (API) keys for cloud services such as Amazon Web Services (AWS), Google Cloud Platform, or Microsoft Azure.
Right after the initial attacks, NPM, the world's largest software registry, announced it would revoke classic tokens on December 9th, which, unfortunately, seemed to trigger one last ‘Shai-Hulud hurrah’ from the attackers, Eriksen wrote in the Aikido post.
“With many users still not migrated to trusted publishing, the attacker seized the moment for one more hit before NPM’s deadline,” Eriksen said.
The Attacker Timeline
August 27 - Aikido report details S1ngularity campaign targeting several nx packages on npm.
September 16 - First wave of the Shai-Hulud attacks.
September 18 - Aikido publishes follow-up analysis on campaign.
November 24 - Second wave of attacks, threat actor dubs "Second Coming."
Aikido, which provides a full list for reference, says the 492 newly compromised packages are downloaded from the platform approximately 132 million times per month in total.
Eriksen also notes significant differences between the two malware versions, including the creation of a randomly named repository to store the stolen data (instead of a hardcoded one), complete with a description that reads, "Sha1-Hulud: The Second Coming," as well as the ability to infect up to 100 npm packages, from its previous limit of 20.
What can organizations do now?
To defend against the latest Shai-Hulud attack, Seker says dev and security teams must treat npm package management and CI/CD pipelines as part of the threat surface.
“This means enforcing strict token/scoped access policies, limiting or auditing lifecycle scripts (especially preinstall/postinstall hooks), monitoring secrets in build environments, and using behavioral analytics to detect unusual GitHub Actions workflows or outbound connections from build hosts,” Seker tells Cybernews.
“Given the worm‑like nature of Shai‑Hulud, time is of the essence: any delay in rotating tokens or cleaning compromised build agents can lead to rapid spread,” Seker further stressed.
Aikido lists half a dozen recommendations security teams can take to help harden their systems.
- Audit all Zapier/ENS-related npm dependencies and versions.
- Rotate all GitHub, npm, cloud, and CI/CD secrets used during installs.
- Check GitHub for strange repos with the description "Sha1-Hulud: The Second Coming."
- Disable npm postinstall scripts in CI where possible.
- Pin package versions and enforce MFA on GitHub and npm accounts.
- Use tools like Safe-Chain to block malicious packages on NPM.
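As an added example (not code from Aikido, Cybernews, or any of the projects named above) of the lifecycle-script auditing that Seker and the Aikido list recommend, the script below walks an npm lockfile (lockfileVersion 2/3 "packages" map) and flags dependencies that match a denylist of compromised name@version pairs or that carry hasInstallScript, the lockfile marker for packages with preinstall/install/postinstall hooks. The denylist versions and the sample lockfile are constructed placeholders, not real indicators.

```javascript
// Added example: audit an npm lockfile for known-bad versions and for
// dependencies that run lifecycle hooks at install time, the stage at which
// the article says the worm executes. Denylist versions are CONSTRUCTED.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed denylist; real entries would come from the vendor advisory.
const DENYLIST = new Set([
  "zapier-platform-core@0.0.0-constructed",
  "zapier-platform-cli@0.0.0-constructed",
]);

// Package name from a lockfile path such as "node_modules/@scope/pkg" or
// "node_modules/a/node_modules/b" (nested dependency).
function nameFromLockPath(lockPath) {
  const idx = lockPath.lastIndexOf("node_modules/");
  return lockPath.slice(idx + "node_modules/".length);
}

// Walk every entry in lock.packages and report denylisted versions and
// entries whose lockfile record says they have an install script.
function auditLockfile(lock, denylist = DENYLIST) {
  const compromised = [];
  const installScripts = [];
  for (const [lockPath, entry] of Object.entries(lock.packages || {})) {
    if (lockPath === "") continue; // "" is the root project itself
    const id = `${nameFromLockPath(lockPath)}@${entry.version}`;
    if (denylist.has(id)) compromised.push(id);
    if (entry.hasInstallScript === true) installScripts.push(id);
  }
  return { compromised, installScripts };
}

// For a flagged package, read node_modules/<name>/package.json and list
// which install-time hooks it actually declares.
function lifecycleHooks(packageJson) {
  const scripts = packageJson.scripts || {};
  return LIFECYCLE_HOOKS.filter((hook) => typeof scripts[hook] === "string");
}

// Constructed sample lockfile; in practice use
// JSON.parse(fs.readFileSync("package-lock.json", "utf8")).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", version: "1.0.0" },
    "node_modules/zapier-platform-core": { version: "0.0.0-constructed", hasInstallScript: true },
    "node_modules/harmless-lib": { version: "1.3.0" },
    "node_modules/@scope/native-thing": { version: "2.1.0", hasInstallScript: true },
  },
};

console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

Anything in installScripts that is not a known native-build dependency deserves a look at its declared hooks before the next install; in CI, `npm ci --ignore-scripts` skips these hooks entirely.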
“Because trusted ecosystems were involved and millions of downloads are affected, any team using NPM should immediately check whether they were impacted and rotate any credentials that may have leaked,” Eriksen said.