A sophisticated supply chain attack has compromised 187 npm packages using a self-propagating worm that steals developer credentials and secrets. The malware scans for AWS keys, GitHub tokens, and cloud credentials, then creates repositories named 'Shai-Hulud' to store stolen data and spreads to other packages controlled by victims. This attack appears linked to the recent Nx compromise and affects high-profile packages including those from CrowdStrike.