Hey dev community! No sooner have you banished the last specter from your code than the next nightmare knocks on the door: a more aggressive version of the notorious npm worm, which security analysts have this time christened Shai-Hulud 2.0.
And this time it is not only faster but also has bigger prey in its sights: around 27,000 sets of credentials have already been stolen, and the worm is now even hitting prominent low-code platforms such as Zapier and Postman. The attackers appear to have learned from their mistakes and elegantly sidestepped all the bottlenecks of the first wave.
Let's take a look at what's going on (again) in the npm ecosystem, which packages are affected, and what you need to do now to keep this sandworm from snatching your credentials.
Bottleneck eliminated: The second wave is more aggressive
Whether the same attackers are behind Shai-Hulud 2.0 as the first time is still unclear, but the result is the same: a massive infestation of npm packages.
By Monday afternoon, according to heise.de, more than 425 npm packages were already infected, which together account for over 100 million monthly downloads. Among them are some really big fish, such as packages from:
- AsyncAPI
- ENS domains (Ethereum name service)
- Various API, low-code and no-code platforms, especially Zapier and Postman (look at the list below, it's awful)
The worm appears to have struck over the weekend (21-23 November), with the go-template packages and various repositories under AsyncAPI the first to be affected.
How does it steal the secrets?
The genius (and horror!) of this new version lies in the way the stolen credentials are published:
- The malware takes over a repository.
- It searches it for access data (secrets).
- The stolen data is published directly under the victim's account on GitHub.
The new repository where the secrets land bears the unmistakable title ‘Sha1-Hulud: the Second Coming’. This is how the attackers bypassed the biggest weak point of the last outbreak: back then they used a webhook platform whose endpoint was quickly blocked. Now they use GitHub itself as the central drop location, which turns the clean-up into a battle against windmills for GitHub, as new repositories are constantly being created. By Monday afternoon there were already over 27,800!
The tactics: worm workflows and C&C servers
Shai-Hulud 2.0 is quite cleverly built and uses several mechanisms to dig itself in:
- Backdoor via C&C: several GitHub workflows are responsible for harvesting credentials and installing a backdoor on the infected machine. This backdoor is controlled through the Discussions feature of the infected repositories, in effect a self-hosted command-and-control (C&C) server directly on GitHub!
- The ‘Code Formatter’: a second workflow with the harmless-sounding name ‘Code Formatter’ searches the compromised GitHub account for secrets and then uploads them in JSON format.
- Cross-platform: the worm is not picky and appears to ship tailored malicious code for Linux, Windows and macOS.
Incidentally, the timing is remarkable: the attack comes just a few days before npm abolishes "classic tokens" for authentication on 9 December. The developers of Sha1-Hulud probably wanted to strike once more before this security change takes effect.
Emergency measures: What you need to do now
The clean-up is in full swing, but everyone needs to be vigilant and act now! Wiz, Koi and Aikido reported the threat quickly.
1. Check and remove
- Check your infrastructure: check your entire development infrastructure for suspicious signs and, most importantly, for use of the known infected packages listed below.
- Remove immediately: if you use one of the packages, remove it from your project immediately.
- Updates off: disable automatic package updates until the situation calms down.
2. Rotate everything (Important!)
If you have the slightest suspicion of an infection or have used an affected package, this is absolutely critical:
- Rotate all credentials! This applies not only to GitHub and npm but also to accounts with hyperscalers such as GCP, AWS and Azure. Every secret must be replaced!
The specialists are still cautious about attribution, but the methods resemble those of the predecessor. It's time to raise the shields!
List of affected packages (selection of the most important)
To help you quickly check whether you're affected, here's a selection of the most prominent infected packages reported on Monday afternoon:
- @asyncapi/ (many packages affected)
- @ensdomains/ (Almost all packages affected!)
- @posthog/ (Many packages affected!)
- @postman/ (Many packages affected!)
- @trigo/ (Many packages affected!)
- @zapier/ (many packages affected, incl. zapier-platform-cli)
- go-template
- posthog-js
- ...and unfortunately many, many more!
The full list is huge! Be sure to check it if you use any of these technologies:
Link to koi.ai, alternatively link to aikido.dev. The most important ones so far are mentioned above, but to be sure you should compare your dependencies with the official, current list yourself!
Countermeasures
TL;DR
Shai-Hulud 2.0 Emergency Checklist for Developer Teams
These steps are critical to stopping an ongoing infection and preventing further damage.
I. Detection & Isolation
| Action | Detail |
|---|---|
| Check all dependencies | Compare the npm packages currently in use against the full list of infected packages (especially go-template, AsyncAPI, ENS, Postman and Zapier packages). |
| Isolate infected packages | Remove all infected packages from the project dependencies immediately. |
| Stop automatic updates | Temporarily disable all automatic package updates to prevent re-infection. |
| Perform system scan | Run malware scans on the development machines, as the worm installs backdoors. |
II. Critical rotation of credentials (secrets)
Assumption: treat every secret used by an infected machine or in an infected repository as compromised.
| Platform/service | What to rotate? |
|---|---|
| npm | All npm tokens of the team members, especially publish tokens. |
| GitHub/GitLab/Bitbucket | All personal access tokens (PATs) and SSH keys of the affected users. |
| CI/CD tools | All secrets used in workflows or pipelines (GitHub Actions secrets, Jenkins, GitLab CI variables, etc.). |
| Cloud provider | All API keys, access keys and secret keys (e.g. AWS, GCP, Azure) must be renewed. |
| Internal services | Any database credentials, Slack tokens or other internal API keys stored on the affected systems. |
III. System recovery & prevention
| Action | Detail |
|---|---|
| Reinstalling systems | Ideally, reinstall all affected development machines to make sure the backdoors are removed. |
| Multi-factor authentication (MFA) | Verify that MFA is enabled and enforced on all critical accounts (npm, GitHub, cloud). |
| Least privilege principle | Ensure that CI/CD tokens and personal tokens have only the minimally necessary rights. |
| Monitoring sources | Watch for official updates from npm, GitHub and security researchers (Wiz, Koi, Aikido). |
Does this feel familiar? Groundhog Day? That's because we went through all of this once already in September. At least this and similar hauntings should end by 9 December at the latest, when GitHub implements the announced security measures.
Get your team ready to start with this list.
Stay safe and check your deps! The weekend may be over, but the work never stops for developers in the quasi-permanent security crisis.