{"campaign":{"name":"Shai-Hulud","slug":"shai-hulud","href":"/ti/campaigns/shai-hulud","description":"Self-replicating npm and PyPI supply chain worm that harvests developer, cloud, and registry credentials and propagates by publishing trojanized versions of every package the stolen tokens can reach. First seen September 2025 (@ctrl/tinycolor and peers, exposing private repositories and AWS credentials), it resurged as the larger 'Shai-Hulud 2.0' wave in November 2025 across @zapier, @asyncapi, posthog and @postman packages affecting 25,000+ repositories, and later reached PyPI through PyTorch Lightning. Named after the Dune sandworm; part of the broader TeamPCP activity.","objective":"Steal developer, cloud, registry, or application credentials through malicious package execution.","aliases":["Shai-Hulud 2.0"],"discovered_at":"2025-09-16"},"packages":[{"ecosystem":"npm","name":"@ctrl/tinycolor","href":"/ti/packages/npm/@ctrl/tinycolor","threat_types":["credential_stealer","data_exfiltration"],"versions":["4.1.1"]},{"ecosystem":"npm","name":"@zapier/zapier-sdk","href":"/ti/packages/npm/@zapier/zapier-sdk","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.15.5","0.15.6","0.15.7"]},{"ecosystem":"npm","name":"@asyncapi/specs","href":"/ti/packages/npm/@asyncapi/specs","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["6.8.2","6.9.1"]},{"ecosystem":"npm","name":"@quick-start-soft/quick-markdown-print","href":"/ti/packages/npm/@quick-start-soft/quick-markdown-print","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"]},{"ecosystem":"npm","name":"@quick-start-soft/quick-markdown","href":"/ti/packages/npm/@quick-start-soft/quick-markdown","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"]},{"ecosystem":"npm","name":"@quick-start-soft/quick-remove-image-background","href":"/ti/packages/npm/@quick-start-soft/quick-remove-image-background","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"]},{"ecosystem":"npm","name":"@quick-start-soft/quick-git-clean-markdown","href":"/ti/packages/npm/@quick-start-soft/quick-git-clean-markdown","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"]},{"ecosystem":"npm","name":"@quick-start-soft/quick-document-translator","href":"/ti/packages/npm/@quick-start-soft/quick-document-translator","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"]},{"ecosystem":"npm","name":"@quick-start-soft/quick-markdown-image","href":"/ti/packages/npm/@quick-start-soft/quick-markdown-image","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"]},{"ecosystem":"npm","name":"@quick-start-soft/quick-task-refine","href":"/ti/packages/npm/@quick-start-soft/quick-task-refine","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.4.2511142126"]},{"ecosystem":"npm","name":"@asyncapi/modelina","href":"/ti/packages/npm/@asyncapi/modelina","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["5.10.2","5.10.3"]},{"ecosystem":"npm","name":"posthog-react-native","href":"/ti/packages/npm/posthog-react-native","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["4.12.5","4.11.1"]},{"ecosystem":"npm","name":"posthog-node","href":"/ti/packages/npm/posthog-node","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["5.13.3","4.18.1"]},{"ecosystem":"npm","name":"@postman/secret-scanner-wasm","href":"/ti/packages/npm/@postman/secret-scanner-wasm","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["2.1.2","2.1.3"]},{"ecosystem":"npm","name":"@postman/csv-parse","href":"/ti/packages/npm/@postman/csv-parse","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["4.0.3","4.0.4","4.0.5"]},{"ecosystem":"npm","name":"@postman/node-keytar","href":"/ti/packages/npm/@postman/node-keytar","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["7.9.1","7.9.2","7.9.4","7.9.5"]},{"ecosystem":"npm","name":"@postman/tunnel-agent","href":"/ti/packages/npm/@postman/tunnel-agent","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.6.5","0.6.6"]},{"ecosystem":"npm","name":"@postman/wdio-allure-reporter","href":"/ti/packages/npm/@postman/wdio-allure-reporter","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.0.7","0.0.8"]},{"ecosystem":"npm","name":"@postman/postman-mcp-cli","href":"/ti/packages/npm/@postman/postman-mcp-cli","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.0.3","1.0.4"]},{"ecosystem":"npm","name":"@postman/mcp-ui-client","href":"/ti/packages/npm/@postman/mcp-ui-client","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["5.5.1","5.5.2"]},{"ecosystem":"npm","name":"@postman/wdio-junit-reporter","href":"/ti/packages/npm/@postman/wdio-junit-reporter","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["0.0.4","0.0.5"]},{"ecosystem":"npm","name":"@postman/pm-bin-macos-arm64","href":"/ti/packages/npm/@postman/pm-bin-macos-arm64","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.24.4","1.24.5"]},{"ecosystem":"npm","name":"@postman/pm-bin-linux-x64","href":"/ti/packages/npm/@postman/pm-bin-linux-x64","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["1.24.4","1.24.5"]},{"ecosystem":"npm","name":"@postman/aether-icons","href":"/ti/packages/npm/@postman/aether-icons","threat_types":["credential_stealer","data_exfiltration","worm","persistence"],"versions":["2.23.3","2.23.4"]},{"ecosystem":"pypi","name":"pytorch-lightning","href":"/ti/packages/pypi/pytorch-lightning","threat_types":["credential_stealer","data_exfiltration","worm"],"versions":["2.5.3"]}],"indicators":[{"kind":"domain","value":"webhook.site","href":"/ti/ioc/domain/webhook.site","context":"Network indicator from blog post"},{"kind":"sha256","value":"bc18414929992e8e8d2211f9c51ebc7241294a1af3cfdbdd5ca417974b2dac0b","href":"/ti/ioc/sha256/bc18414929992e8e8d2211f9c51ebc7241294a1af3cfdbdd5ca417974b2dac0b","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09","href":"/ti/ioc/sha256/46faab8ab153fae6e80e7cca38eab363075bb524edd79e42269217a083628f09","context":"SHA-256 hash from blog post"},{"kind":"email","value":"scttcper@gmail.com","href":"/ti/ioc/email/scttcper@gmail.com","context":"Email indicator from blog post"},{"kind":"email","value":"github_token@github.com","href":"/ti/ioc/email/github_token@github.com","context":"Email indicator from blog post"},{"kind":"sha256","value":"62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0","href":"/ti/ioc/sha256/62ee164b9b306250c1172583f138c9614139264f889fa99614903c12755468d0","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a","href":"/ti/ioc/sha256/a3894003ad1d293ba96d77881ccd2071446dc3f65f434669b49b3da92421901a","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"3071422c3294e7b61cb490c57c48c8dea569bacf12e57a078293b6547d7586d3","href":"/ti/ioc/sha256/3071422c3294e7b61cb490c57c48c8dea569bacf12e57a078293b6547d7586d3","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"56070a9d8de0c0ffb1ec5c309953cf4679432df5a78df9aeb020fbb73d2be9fb","href":"/ti/ioc/sha256/56070a9d8de0c0ffb1ec5c309953cf4679432df5a78df9aeb020fbb73d2be9fb","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1","href":"/ti/ioc/sha256/5f5852b5f604369945118937b058e49064612ac69826e0adadca39a357dfb5b1","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"d2815d425ae08cc627f1db69009442165f8bbc64b7e9157e2ff9d7aab02094d4","href":"/ti/ioc/sha256/d2815d425ae08cc627f1db69009442165f8bbc64b7e9157e2ff9d7aab02094d4","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"8046a11187c135da6959862ff3846e99ad15462d2ec8a2f77a30ad53ebd5dcf2","href":"/ti/ioc/sha256/8046a11187c135da6959862ff3846e99ad15462d2ec8a2f77a30ad53ebd5dcf2","context":"SHA-256 hash from blog post"},{"kind":"sha256","value":"2d4e21d2e78d0868ce7894487e67c67f929d8d81d78c5b07a3ad225b13eae890","href":"/ti/ioc/sha256/2d4e21d2e78d0868ce7894487e67c67f929d8d81d78c5b07a3ad225b13eae890","context":"SHA-256 hash from blog post"}],"ttps":[{"name":"Supply Chain Compromise: Compromise Software Dependencies and Development Tools","mitre_attack_id":"T1195.001","href":"/ti/ttps/T1195.001"},{"name":"Command and Scripting Interpreter: JavaScript","mitre_attack_id":"T1059.007","href":"/ti/ttps/T1059.007"},{"name":"Unsecured Credentials: Credentials In Files","mitre_attack_id":"T1552.001","href":"/ti/ttps/T1552.001"},{"name":"Exfiltration Over C2 Channel","mitre_attack_id":"T1041","href":"/ti/ttps/T1041"},{"name":"Steal Application Access Token","mitre_attack_id":"T1528","href":"/ti/ttps/T1528"},{"name":"Ingress Tool Transfer","mitre_attack_id":"T1105","href":"/ti/ttps/T1105"},{"name":"Application Layer Protocol: Web Protocols","mitre_attack_id":"T1071.001","href":"/ti/ttps/T1071.001"},{"name":"Web Service","mitre_attack_id":"T1102","href":"/ti/ttps/T1102"},{"name":"Event Triggered Execution","mitre_attack_id":"T1546","href":"/ti/ttps/T1546"},{"name":"Remote Services","mitre_attack_id":"T1021","href":"/ti/ttps/T1021"},{"name":"Account Manipulation","mitre_attack_id":"T1098","href":"/ti/ttps/T1098"},{"name":"Obfuscated Files or Information","mitre_attack_id":"T1027","href":"/ti/ttps/T1027"},{"name":"Command and Scripting Interpreter: Python","mitre_attack_id":"T1059.006","href":"/ti/ttps/T1059.006"}],"related_campaigns":[{"name":"TeamPCP","slug":"teampcp","href":"/ti/campaigns/teampcp","relationship":"variant-of"}],"reports":[{"title":"npm Supply Chain Attack Exposes Private Repositories, AWS Credentials and More","url":"https://safedep.io/npm-supply-chain-attack-targeting-maintainers","published_at":"2025-09-16"},{"title":"Shai-Hulud 2.0 npm Supply Chain Attack Technical Analysis","url":"https://safedep.io/shai-hulud-second-coming-supply-chain-attack","published_at":"2025-11-24"},{"title":"PyTorch Lightning Compromised: Shai-Hulud Worm Reaches PyPI","url":"https://safedep.io/malicious-pytorch-lightning-pypi-compromise","published_at":"2026-04-30"}]}