Mini Shai-Hulud returns, compromising hundreds of npm packages | CyberScoop<\/title> <meta name=\"description\" content=\"The resilient worm is again sweeping through npm repositories, stealing developer credentials and planting backdoors that survive package removal\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/mini-shai-hulud-malware-npm-packages-compromised-again\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Mini Shai-Hulud returns, compromising hundreds of npm packages\"> <meta property=\"og:description\" content=\"The resilient worm is again sweeping through npm repositories, stealing developer credentials and planting backdoors that survive package removal\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/mini-shai-hulud-malware-npm-packages-compromised-again\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-05-19T15:28:44+00:00\"> <meta property=\"article:modified_time\" content=\"2026-05-19T15:28:47+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg\"> <meta property=\"og:image:width\" content=\"2291\"> <meta property=\"og:image:height\" content=\"1309\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Greg Otto\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@gregotto\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1778775768g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1778005960g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1775068334g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/89081\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=89081\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmini-shai-hulud-malware-npm-packages-compromised-again%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fmini-shai-hulud-malware-npm-packages-compromised-again%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-89081 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/mini-shai-hulud-malware-npm-packages-compromised-again\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.462962962963\">\n<div class=\"single-article__header-content\" readability=\"32.269503546099\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/mini-shai-hulud-malware-npm-packages-compromised-again\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> Another malware wave is washing through open-source software repos, stealing publishing tokens, installing OS\u2011level backdoors and persisting in developer tools and CI pipelines. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"366\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages.jpg?resize=640%2C366&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg 2291w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=300,171 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=768,439 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=1024,585 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=1536,878 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=2048,1170 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=600,343 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=294,168 294w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=590,337 590w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=1181,675 1181w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-2.jpg?resize=1475,843 1475w\" sizes=\"(max-width: 1181px) 100vw, 1181px\"><figcaption> (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"44.454079453225\"><body readability=\"89.935562606785\"><\/p>\n<p>A self-replicating malware campaign known as <a href=\"https:\/\/cyberscoop.com\/mini-shai-hulud-supply-chain-malware-attack\/\">Mini Shai-Hulud<\/a> has resurfaced, this time embedding itself across hundreds of npm packages. The threat actor behind it, identified as TeamPCP, has been linked to earlier waves of the same campaign, with this latest variant more capable than previous waves.<\/p>\n<p>Researchers analyzing the payload found a worm that spreads autonomously, installs persistent backdoors at the operating system level, and is specifically engineered to survive the most common first response: removing the package.<\/p>\n<h4 class=\"wp-block-heading\" id=\"h-how-the-attack-works\">How the attack works<\/h4>\n<p>The malware executes the moment an affected software package is installed, whether in a developer\u2019s local environment or inside a CI\/CD pipeline. A hook fires before any other step, giving the payload immediate access to the machine.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>It harvests GitHub tokens, npm tokens, SSH keys, cloud provider credentials, and database connection strings. In automated build environments, it uses the pipeline\u2019s own trusted identity to obtain publishing credentials, allowing it to push poisoned package versions to the registry under a legitimate maintainer\u2019s name. The stolen data is sent to attacker-controlled GitHub repositories.<\/p>\n<p>After it steals a publishing token, the malware checks every package that token can access, adds its code to those packages, and publishes new poisoned versions using the maintainer\u2019s account. One infected CI runner \u2014 the machine or virtual server that automatically builds, tests and publishes code for a project \u2014 can therefore taint every package that runner is allowed to publish. It also searches a developer\u2019s computer for other Node.js projects and copies itself into them, so a single infected install can compromise an entire workstation.<\/p>\n<p>\u201cIf any of the affected packages ran in your environment, treat the machine or runner as exposed until secrets are rotated, persistence artifacts are removed, and recent publish activity has been reviewed,\u201d <a href=\"https:\/\/www.aikido.dev\/blog\/mini-shai-hulud-antv-npm-supply-chain-attack\">Aikido Security researchers<\/a> wrote in a blog post. <\/p>\n<h4 class=\"wp-block-heading\" id=\"h-removing-the-package-is-not-enough\">Removing the package is not enough<\/h4>\n<p>Researchers found that a standard dependency rollback leaves the attacker\u2019s access intact. The malware embeds backdoors in developer tool settings \u2014 notably .vscode\/tasks.json and .claude\/settings.json \u2014 which remain on disk even after the npm package is removed. Those files must be audited and cleaned to eliminate the attacker\u2019s foothold.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The payload also installs OS-level background services: a systemd user service on Linux, a LaunchAgent on macOS. Both run a backdoor called kitty-monitor, which polls GitHub\u2019s commit search every hour for signed remote commands. A second process, gh-token-monitor, checks stolen GitHub tokens every 60 seconds \u2014 alerting the attacker the moment one is revoked. An attacker can maintain access and monitor the victim\u2019s response in near real time, long after the original infection has been discovered.<\/p>\n<p><a href=\"https:\/\/research.jfrog.com\/\">Multiple<\/a> <a href=\"https:\/\/safedep.io\/mini-shai-hulud-strikes-again-314-npm-packages-compromised\/\">security companies<\/a> <a href=\"https:\/\/socket.dev\/blog\/antv-packages-compromised\">have pointed out<\/a> which popular dependencies are being targeted. In this wave, it\u2019s been popular data visualization software, including Alibaba\u2019s open-source AntV and TallyUI. The campaign also touched widely used utilities such as echarts-for-react (a React wrapper for ECharts) and timeago.js (a small JavaScript library that allows developers to format timestamps).<\/p>\n<p>\u201cEven if only a subset of those packages received malicious updates, the popularity of the package ecosystem creates meaningful downstream exposure for organizations that automatically pull new dependency versions,\u201d <a href=\"https:\/\/socket.dev\/blog\/antv-packages-compromised\">wrote researchers<\/a> from Socket, an application security company.<\/p>\n<p>The campaign remains active. Because the worm propagates using tokens stolen from infected environments, the number of affected packages is expected to grow. Researchers have warned that any machine or pipeline that installed an affected version should be treated as fully compromised.<\/p>\n<p>Last week, TeamPCP targeted <a href=\"https:\/\/cyberscoop.com\/mini-shai-hulud-supply-chain-malware-attack\/\">other prominent software libraries<\/a> with the malware, including TanStack, UiPath, and MistralAI.<\/p>\n<p><em>This is a developing story and will be updated as information becomes available. <\/em><\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.9529109589041\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/05\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages-1.jpg?w=640&ssl=1\" alt=\"Greg Otto\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Greg Otto<\/h4>\n<p> Greg Otto is Editor-in-Chief of CyberScoop, overseeing all editorial content for the website. Greg has led cybersecurity coverage that has won various awards, including accolades from the Society of Professional Journalists and the American Society of Business Publication Editors. Prior to joining Scoop News Group, Greg worked for the Washington Business Journal, U.S. News & World Report and WTOP Radio. He has a degree in broadcast journalism from Temple University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/mini-shai-hulud-malware-npm-packages-compromised-again\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Mini Shai-Hulud returns, compromising hundreds of npm packages | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4411,5419,78,725,168,6597,1073,256,6671,6277],"tags":[4412,5429,86,728,169,6600,1076,262,6672,6278],"class_list":["post-8656","post","type-post","status-publish","format-standard","hentry","category-application-security","category-ci-cd","category-cybersecurity","category-github","category-malware","category-mini-shai-hulud","category-open-source","category-research","category-ssh","category-worm","tag-application-security","tag-ci-cd","tag-cybersecurity","tag-github","tag-malware","tag-mini-shai-hulud","tag-open-source","tag-research","tag-ssh","tag-worm"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/application-security\/\" rel=\"category tag\">application security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ci-cd\/\" rel=\"category tag\">CI\/CD<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/github\/\" rel=\"category tag\">GitHub<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/malware\/\" rel=\"category tag\">Malware<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mini-shai-hulud\/\" rel=\"category tag\">mini shai hulud<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/open-source\/\" rel=\"category tag\">open source<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/research\/\" rel=\"category tag\">Research<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ssh\/\" rel=\"category tag\">SSH<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/worm\/\" rel=\"category tag\">worm<\/a>","tag_info":"worm","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8656","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8656"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8656\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8656"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8656"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8656"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8656,"date":"2026-05-19T10:28:44","date_gmt":"2026-05-19T15:28:44","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=89081"},"modified":"2026-05-19T10:28:44","modified_gmt":"2026-05-19T15:28:44","slug":"mini-shai-hulud-returns-compromising-hundreds-of-npm-packages","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/05\/19\/mini-shai-hulud-returns-compromising-hundreds-of-npm-packages\/","title":{"rendered":"Mini Shai-Hulud returns, compromising hundreds of npm packages"},"content":{"rendered":"