A new wave of the Sha1-Hulud malware campaign has unfolded, indicating further exacerbation of supply-chain attacks against the software development ecosystem. The recent attacks have hit the Node Package Manager, or npm, one of the largest open-source package managers that supplies JavaScript developers around the world. Once the attackers compromise vulnerable packages within npm, the malicious code will automatically be executed whenever targeted developers update to vulnerable versions, oblivious to the fact. Current estimates indicate nearly 1,000 npm packages have been tampered with, thereby indirectly affecting tens of thousands of repositories.
Sha1-Hulud first came into light in September 2025, when it staged its first significant intrusion into npm’s ecosystem. The past campaign included the injection of trojanized code into weakly-secured open-source libraries that then infected every development environment that had the components installed. The malware from the initial attack was also encoded with a credential harvesting feature, along with a worm-like mechanism intended for the proliferation of infection.
The latest rendition, seen in new activity, extends the attack vector and sophistication. Among others, it includes credential theft, self-propagation components, and a destructive “self-destruct” module that aims at deleting user data in case interference with the malware is detected. The malware now demonstrates wide platform compatibility, running across Linux, macOS, and Windows systems, and introduces
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: