Unit 42 analyzes the post-Shai-Hulud npm threat landscape, detailing a sophisticated April 2026 supply chain attack attributed to TeamPCP. The campaign impersonated @bitwarden/cli to deploy a self-replicating worm that steals npm tokens, GitHub PATs, and cloud credentials (AWS, Azure, GCP), then backdoors every package the victim can publish. The malware uses multi-stage obfuscation, AES-256-GCM encrypted exfiltration, GitHub public repos as secondary exfiltration channels, GitHub Actions workflow injection, and a GitHub Search API dead drop for C2 resilience. The same payload simultaneously compromised Checkmarx Docker Hub images, GitHub Actions, and VS Code extensions. Mitigations include disabling lifecycle scripts, version pinning with npm ci, private registry proxying, egress filtering in CI/CD, provenance verification, and SBOM generation.
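The mitigations named above (disabling lifecycle scripts, pinning with npm ci, private registry proxying) can be enforced as a CI pre-flight check before any install runs. The following is an added example written for this summary, not Unit 42's code or any tooling from the article; it assumes a private registry proxy at the hypothetical hostname `npm-proxy.example.internal`, an `.npmrc` committed with the project, and a lockfileVersion 2 or 3 `package-lock.json`. The sample `.npmrc` and lockfile are constructed inline so the script runs offline.

```python
"""CI pre-flight checks for npm hardening (added example, not Unit 42's code).
Assumptions: a private registry proxy at REGISTRY_HOST fronts npm, lifecycle
scripts are disabled in .npmrc, and installs run with npm ci from a committed
package-lock.json."""
import json
from urllib.parse import urlparse

REGISTRY_HOST = "npm-proxy.example.internal"  # assumed private proxy hostname

# Constructed sample .npmrc: scripts disabled, registry pinned to the proxy.
SAMPLE_NPMRC = """registry=https://npm-proxy.example.internal/
ignore-scripts=true
"""

# Constructed sample package-lock.json (lockfileVersion 3 layout). One entry
# resolves straight to registry.npmjs.org and one has no integrity hash.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"left-pad": "1.3.0"}},
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": "https://npm-proxy.example.internal/left-pad/-/left-pad-1.3.0.tgz",
            "integrity": "sha512-AAAA...constructed",
        },
        "node_modules/some-dep": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/some-dep/-/some-dep-2.0.0.tgz",
            "integrity": "sha512-BBBB...constructed",
        },
        "node_modules/other-dep": {
            "version": "0.1.0",
            "resolved": "https://npm-proxy.example.internal/other-dep/-/other-dep-0.1.0.tgz",
        },
    },
})


def parse_npmrc(text):
    """Return .npmrc key/value pairs (ini-style lines; comments and blanks skipped)."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = value.strip()
    return cfg


def check_npmrc(text):
    """Findings for lifecycle scripts and registry pinning in .npmrc."""
    cfg = parse_npmrc(text)
    findings = []
    if cfg.get("ignore-scripts") != "true":
        findings.append("ignore-scripts is not true: install/postinstall hooks would run")
    registry = cfg.get("registry", "")
    if urlparse(registry).hostname != REGISTRY_HOST:
        findings.append(f"registry is not the private proxy {REGISTRY_HOST}")
    return findings


def check_lockfile(text):
    """Findings for the lockfile: every package must carry an integrity hash and
    resolve through the proxy, so npm ci installs only what was reviewed."""
    lock = json.loads(text)
    findings = []
    if lock.get("lockfileVersion", 0) < 2:
        findings.append("lockfileVersion < 2: upgrade the lockfile before relying on npm ci")
    for path, meta in lock.get("packages", {}).items():
        if path == "":
            continue  # root project entry, no tarball to verify
        if "integrity" not in meta:
            findings.append(f"{path}: missing integrity hash")
        host = urlparse(meta.get("resolved", "")).hostname
        if host != REGISTRY_HOST:
            findings.append(f"{path}: resolved from {host or 'unknown'} instead of the proxy")
    return findings


def preflight(npmrc_text, lock_text):
    """Combine both checks; an empty list means the install may proceed."""
    return check_npmrc(npmrc_text) + check_lockfile(lock_text)


if __name__ == "__main__":
    for finding in preflight(SAMPLE_NPMRC, SAMPLE_LOCK):
        print("FAIL:", finding)
```

Run in the pipeline step before `npm ci` and fail the job on any finding; the lockfile check is what makes pinning meaningful, since a lock entry without an integrity hash or resolved outside the proxy is exactly where a tampered tarball would slip in.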

From unit42.paloaltonetworks.com (16 minute read)
Table of contents

- Executive Summary
- April 2026 - Shai Hulud: A New Wave
- Interim Guidance
- Conclusion
- Mitigations for Compromised npm Packages
- Palo Alto Networks Product Protections Related to Compromised npm Packages
- Indicators of Compromise
- Additional References
