An aggressive new wave of npm supply-chain attacks, known as "SHA1-HULUD 2.0" (also referred to as Shai-Hulud 2.0), reuses much of the tradecraft of the earlier Shai-Hulud campaign while introducing more potent execution methods and a notable persistence mechanism. The campaign uses compromised maintainer accounts to publish trojanized versions of legitimate npm packages, leading to credential theft and data exfiltration.

The scope of the compromise is extensive, with packages from major ecosystems such as Zapier, ENS Domains, PostHog, and Postman affected. Researchers from Wiz are currently tracking more than 25,000 affected repositories across approximately 350 unique users, with a rapid infection rate that added roughly 1,000 new repositories every 30 minutes in the early stages of the campaign.

Technical Details of the New Variant

Unlike earlier versions, the SHA1-HULUD 2.0 variant has been modified to increase its reach into developer machines, build pipelines, and runtime environments:

  • Execution Phase: The malicious code now runs from the preinstall lifecycle hook. npm executes this hook automatically before the package is installed (unless lifecycle scripts are disabled), so a single npm install on a developer workstation or in an automated build pipeline is enough to trigger it.
  • Payload Files: The campaign introduces new payload files, specifically setup_bun.js and bun_environment.js.
  • Targeting: The threat has expanded its targeting, particularly across the PostHog, Postman, and AsyncAPI ecosystems.

Stealthy Backdoor Mechanism

Payload analysis by Wiz researchers shows the actor behind this campaign is focused on establishing long-term remote access to infected machines through a GitHub Actions workflow:

  1. Self-Hosted Runner Registration: The payload registers the infected machine as a GitHub self-hosted runner, naming it 'SHA1HULUD'.
  2. Vulnerable Workflow Injection: The attacker then adds a new workflow file, .github/workflows/discussion.yaml, to the victim's GitHub repository. The workflow is configured to run on self-hosted runners and contains a deliberate command-injection flaw, so that attacker-controlled discussion content ends up in a command the runner executes.
  3. Command Execution: With this in place, the attacker can execute arbitrary commands on the infected machine at any later time simply by opening discussions in the victim's GitHub repository, effectively creating a persistent, low-profile backdoor.
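The following is an added example, not the attacker's actual discussion.yaml and not tooling from Wiz or Socket. It reconstructs the workflow shape the three steps above describe (a discussion trigger, runs-on: self-hosted, and discussion fields interpolated straight into a run: step), places a hardened version beside it that passes the same field through an environment variable on a hosted runner, and runs a line-oriented check over both. The check also goes beyond the article by treating comment, issue and pull_request event fields as untrusted in the same way. Both workflow texts are constructed for illustration.

```javascript
// Added example, not the attacker's actual discussion.yaml and not Wiz's or
// Socket's tooling. Both workflow texts below are constructed reconstructions.

// GitHub Actions expression contexts whose values are controlled by whoever
// opens the discussion, comment, issue or pull request. Expanding one of these
// inside a `run:` step is a command injection on the runner.
const UNTRUSTED_CONTEXT =
  /\$\{\{\s*github\.event\.(discussion|comment|issue|pull_request)\.[a-zA-Z_.]+\s*\}\}/;

// Line-oriented scan (no YAML parser needed for this shape). Returns which of
// the three backdoor ingredients are present and the lines where untrusted
// event data is interpolated into a `run:` script.
function analyzeWorkflow(yamlText) {
  const result = { discussionTrigger: false, selfHostedRunner: false, untrustedContextInRun: [] };
  let runIndent = -1; // indent of the `run` key while inside a `run: |` block scalar
  const lines = yamlText.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i];
    if (line.trim() === "") continue;                       // blank lines do not end a block scalar
    const indent = line.search(/\S/);
    if (runIndent >= 0 && indent <= runIndent) runIndent = -1; // back at the key's level: block ended
    if (/^\s*on\s*:.*\bdiscussion\b/.test(line) || /^\s*-?\s*discussion(_comment)?\s*:?\s*$/.test(line)) {
      result.discussionTrigger = true;
    }
    if (/^\s*runs-on\s*:.*\bself-hosted\b/.test(line)) result.selfHostedRunner = true;
    const runMatch = line.match(/^\s*-?\s*run\s*:\s*(.*)$/);
    if (runMatch) {
      const value = runMatch[1].trim();
      if (/^[|>]/.test(value)) {
        runIndent = line.search(/run\s*:/);                 // script body follows on deeper lines
      } else if (UNTRUSTED_CONTEXT.test(value)) {
        result.untrustedContextInRun.push(i + 1);           // 1-based line number
      }
      continue;
    }
    if (runIndent >= 0 && UNTRUSTED_CONTEXT.test(line)) result.untrustedContextInRun.push(i + 1);
  }
  result.matchesBackdoorPattern =
    result.discussionTrigger && result.selfHostedRunner && result.untrustedContextInRun.length > 0;
  return result;
}

// Constructed reconstruction of the described backdoor workflow (not a captured file).
const SUSPICIOUS_WORKFLOW = [
  "name: discussion",
  "on:",
  "  discussion:",
  "    types: [created]",
  "jobs:",
  "  handle:",
  "    runs-on: self-hosted",
  "    steps:",
  "      - name: Process discussion",
  "        run: |",
  '          echo "${{ github.event.discussion.title }}"',   // title is attacker-controlled
].join("\n");

// Hardened form: hosted runner, and the untrusted value reaches the shell only
// as an environment variable, never as part of the script text.
const HARDENED_WORKFLOW = [
  "name: discussion",
  "on:",
  "  discussion:",
  "    types: [created]",
  "jobs:",
  "  handle:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - name: Process discussion",
  '        run: echo "$TITLE"',
  "        env:",
  "          TITLE: ${{ github.event.discussion.title }}",
].join("\n");

for (const [label, text] of [["suspicious", SUSPICIOUS_WORKFLOW], ["hardened", HARDENED_WORKFLOW]]) {
  console.log(label, JSON.stringify(analyzeWorkflow(text)));
}
```

Run this over every file under .github/workflows in repositories the affected maintainers could push to; any workflow that hits all three ingredients, and in particular an unexpected discussion.yaml, should be removed and the repository's tokens rotated. The runner registration itself can be checked independently: the repository runner list (for example via gh api repos/OWNER/REPO/actions/runners --jq '.runners[].name', with OWNER/REPO substituted) should not contain a runner named SHA1HULUD or any runner nobody on the team registered.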

A second payload has several functions, most notably collecting and exfiltrating the GitHub Actions secrets of the repositories it can reach.

“It then lists and collects all secrets defined in the GitHub secrets section and uploads them as an artifact. This information is written as the actionsSecrets.json file in the exfiltration repositories. The payload then downloads the newly created artifact. The file is downloaded to the compromised machine as part of the exfiltration processes,” Wiz’s analysis says.

Researchers at Socket are also tracking the Shai-Hulud 2.0 campaign and maintain a running list of compromised packages on their blog.

The original Shai-Hulud npm worm emerged in September and quickly affected several dozen packages. That campaign was tied to an earlier compromise of an upstream npm package, but this second version of the worm appears to be a separate operation.