The "Shai Hulud" malware targeting the JavaScript development ecosystem continues to evolve, and the software supply chain attack behind it has escalated further. The latest analysis shows that it has moved beyond compromising individual packages: it turns developers into unwitting, self-perpetuating infection vectors, forming an automatic propagation system.
According to a report released by the security company Expel, recent variants of Shai Hulud are built to automatically infect developer environments and spread again through the npm packages those developers maintain on the registry. The malware runs from a trojanized npm package during the installation phase and infects in two stages. First, if the "Bun" JavaScript runtime is not present in the target environment, it installs it automatically; then, through a heavily obfuscated payload, it carries out credential theft, data exfiltration, and reinfection in the background.
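A first triage step a defender can take against the install-time behaviour just described, as an added example (not Expel's tooling or anything from the report): list every installed package that hooks the npm install lifecycle and flag hooks that install Bun or fetch and execute remote code. The heuristics and the sample manifests are constructed assumptions, not published indicators.

```python
import json
import re
from pathlib import Path

# npm runs these scripts automatically during `npm install`; a worm that
# needs to execute at install time has to hook one of them.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Assumed heuristics (label, regex), derived from the behaviour described
# above: installing the Bun runtime, then running a JS payload with it.
SUSPICIOUS = [
    ("installs-bun", re.compile(r"\bbun\b|bun\.sh", re.I)),
    ("fetch-and-execute", re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash|node)\b", re.I)),
    ("runs-js-at-install", re.compile(r"\b(node|bun)\s+\S+\.(m?js|cjs)\b", re.I)),
]

def audit_package(pkg: dict) -> list[dict]:
    """One finding per lifecycle hook in a package.json, with the heuristic
    labels it trips (an empty list still means 'hook present, review it')."""
    name = pkg.get("name", "<unnamed>")
    findings = []
    for hook in LIFECYCLE_HOOKS:
        cmd = pkg.get("scripts", {}).get(hook)
        if not cmd:
            continue
        hits = [label for label, rx in SUSPICIOUS if rx.search(cmd)]
        findings.append({"package": name, "hook": hook, "command": cmd, "flags": hits})
    return findings

def audit_tree(root: Path) -> list[dict]:
    """Walk a node_modules tree and audit every package.json in it."""
    findings = []
    for manifest in root.rglob("package.json"):
        try:
            findings.extend(audit_package(json.loads(manifest.read_text("utf-8"))))
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest: skip, don't crash
    return findings

# Constructed sample manifests (not real packages) to show the output.
SAMPLE_CLEAN = {"name": "sample-clean", "scripts": {"test": "node test.js"}}
SAMPLE_SUSPECT = {"name": "sample-suspect", "scripts": {
    "preinstall": "(which bun || curl -fsSL https://bun.sh/install | bash)"
                  " && bun ./constructed_payload.js"}}

if __name__ == "__main__":
    for finding in audit_package(SAMPLE_CLEAN) + audit_package(SAMPLE_SUSPECT):
        print(finding)
```

Running `audit_tree(Path("node_modules"))` on a real checkout gives the list to review; as a mitigation, `npm config set ignore-scripts true` (or `npm install --ignore-scripts`) stops npm from running these hooks at all on developer machines and CI runners.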
This variant is particularly notable for its sophisticated credential harvesting. It queries the secret management services of the major cloud platforms directly, namely AWS Secrets Manager, Microsoft Azure Key Vault, and Google Cloud Secret Manager, to extract sensitive data. It has also been confirmed to sweep the local system for npm publish tokens, GitHub credentials, and even cloud keys. The tool it uses for this is TruffleHog, which automatically searches for hardcoded secrets in source code, configuration files, Git history, and more.
Shai Hulud's most characteristic tactic is its abuse of GitHub infrastructure. Instead of the conventional approach of having the malware call back to command-and-control (C2) servers, it uploads the stolen data to public repositories and registers the infected machines as self-hosted runners for GitHub Actions. This gives the attackers persistent remote access: they weaponize the infected developers' accounts to inject malicious code into other packages and widen the infection by automatically republishing the modified versions to npm.
At the time of reporting, an estimated over 25,000 repositories are infected and hundreds of packages are affected, including popular tools widely used by the open-source community.
Expel's warning from this case is that the "trust layer" of software supply chain security is no longer a safe zone. Shai Hulud has attacked the JavaScript ecosystem, but other language communities built on similar trust foundations, such as Python (PyPI), Ruby (RubyGems), and PHP (Composer), are likely exposed to similar attacks. The emergence of self-propagating malware targeting the developer tooling ecosystem may lead to more sustained and widespread threats in the future and should be taken seriously.
