The Shai-Hulud supply chain worm has compromised a third npm package: intercom-client@7.0.4, the official Intercom Node.js SDK, which sees 361,510 weekly downloads. The malicious version was published through a hijacked GitHub Actions OIDC pipeline 29 hours after the two prior compromises. It adds a preinstall hook that downloads the Bun runtime and uses it to execute an 11.7 MB obfuscated credential stealer. Unlike earlier variants, this payload targets AWS credentials (via IMDS), GCP credentials (via the metadata server), and Azure credentials, in addition to GitHub and npm tokens. Exfiltration goes through api.github.com using the victim's own stolen tokens, so the traffic looks like ordinary GitHub API use and passes most egress firewall rules. The worm self-propagates by using stolen npm publish tokens to inject the payload into other packages those tokens can publish. The safe version is intercom-client@7.0.3. Remediation: uninstall 7.0.4, rotate all cloud and GitHub credentials, audit CI/CD logs, and adopt --ignore-scripts as a standing policy.
Table of contents
Compromised Package
How We Detected It
The Version Diff: What Changed in 7.0.4
Inside the Attack Chain
Attribution: Shai-Hulud / TeamPCP Campaign
Indicators of Compromise
Am I Affected?
Remediation
How StepSecurity Helps