A newly released report from managed detection and response firm Expel Inc. reveals an advanced variant of the Shai Hulud malware, highlighting how software supply chain attacks are moving beyond isolated malicious packages to large-scale, self-spreading campaigns that exploit developers as unwitting distribution channels.
Originally detected in September, the Shai Hulud malware campaign targets the JavaScript ecosystem and prioritizes supply chain compromise over conventional endpoint attacks. It spreads through trojanized Node Package Manager (npm) packages designed to steal credentials and replicate across developer environments.
According to Expel, the latest iteration of Shai Hulud automates the takeover of developer systems and the npm registry by combining credential harvesting, cloud secret extraction and rapid self-propagation. The malware is typically triggered during an npm install process on a developer’s machine or within continuous integration and continuous delivery pipelines.
Once activated, the malicious package initiates a two-stage infection process. In the first phase, it prepares the environment by installing the Bun JavaScript runtime if it is not already available. The second phase launches a highly obfuscated background payload responsible for stealing credentials, exfiltrating data a
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: