Shai-Hulud
Self-replicating npm and PyPI supply chain worm that harvests developer, cloud, and registry credentials and propagates by publishing trojanized versions of every package the stolen tokens can reach. First seen September 2025 (@ctrl/tinycolor and peers, exposing private repositories and AWS credentials), it resurged as the larger 'Shai-Hulud 2.0' wave in November 2025 across @zapier, @asyncapi, posthog and @postman packages affecting 25,000+ repositories, and later reached PyPI through PyTorch Lightning. Named after the Dune sandworm; part of the broader TeamPCP activity.
Discovered: 2025-09-16
Objective
Steal developer, cloud, registry, or application credentials through malicious package execution.
Related campaigns
Packages
- npm: @ctrl/tinycolor (attributed-to)
- npm: @zapier/zapier-sdk (attributed-to)
- npm: @asyncapi/specs (attributed-to)
- npm: @quick-start-soft/quick-markdown-print (attributed-to)
- npm: @quick-start-soft/quick-markdown (attributed-to)
- npm: @quick-start-soft/quick-remove-image-background (attributed-to)
- npm: @quick-start-soft/quick-git-clean-markdown (attributed-to)
- npm: @quick-start-soft/quick-document-translator (attributed-to)
- npm: @quick-start-soft/quick-markdown-image (attributed-to)
- npm: @quick-start-soft/quick-task-refine (attributed-to)
- npm: @asyncapi/modelina (attributed-to)
- npm: posthog-react-native (attributed-to)
- npm: posthog-node (attributed-to)
- npm: @postman/secret-scanner-wasm (attributed-to)
- npm: @postman/csv-parse (attributed-to)
- npm: @postman/node-keytar (attributed-to)
- npm: @postman/tunnel-agent (attributed-to)
- npm: @postman/wdio-allure-reporter (attributed-to)
- npm: @postman/postman-mcp-cli (attributed-to)
- npm: @postman/mcp-ui-client (attributed-to)
- npm: @postman/wdio-junit-reporter (attributed-to)
- npm: @postman/pm-bin-macos-arm64 (attributed-to)
- npm: @postman/pm-bin-linux-x64 (attributed-to)
- npm: @postman/aether-icons (attributed-to)
- pypi: pytorch-lightning (attributed-to)
Indicators
- domain: webhook.site (communicates-with)
- sha256: bc18414929992e8e8d2211f9c51ebc7241294a1af3cfdbdd5ca417974b2dac0b (indicates)
- sha256: 46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09 (indicates)
- email: [email protected] (exfiltrates-to)
- email: [email protected] (exfiltrates-to)
- sha256: 62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0 (indicates)
- sha256: a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a (indicates)
- sha256: 3071422c3294e7b61cb490c57c48c8dea569bacf12e57a078293b6547d7586d3 (indicates)
- sha256: 56070a9d8de0c0ffb1ec5c309953cf4679432df5a78df9aeb020fbb73d2be9fb (indicates)
- sha256: 5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1 (indicates)
- sha256: d2815d425ae08cc627f1db69009442165f8bbc64b7e9157e2ff9d7aab02094d4 (indicates)
- sha256: 8046a11187c135da6959862ff3846e99ad15462d2ec8a2f77a30ad53ebd5dcf2 (indicates)
- sha256: 2d4e21d2e78d0868ce7894487e67c67f929d8d81d78c5b07a3ad225b13eae890 (indicates)
Techniques
- T1195.001 Supply Chain Compromise: Compromise Software Dependencies and Development Tools (uses)
- T1059.007 Command and Scripting Interpreter: JavaScript (uses)
- T1552.001 Unsecured Credentials: Credentials In Files (uses)
- T1041 Exfiltration Over C2 Channel (uses)
- T1528 Steal Application Access Token (uses)
- T1105 Ingress Tool Transfer (uses)
- T1071.001 Application Layer Protocol: Web Protocols (uses)
- T1102 Web Service (uses)
- T1546 Event Triggered Execution (uses)
- T1021 Remote Services (uses)
- T1098 Account Manipulation (uses)
- T1027 Obfuscated Files or Information (uses)
- T1059.006 Command and Scripting Interpreter: Python (uses)
