
SlowMist|Nov 27, 2025 10:33
🚨SlowMist TI Alert: #NPM Supply-Chain Poisoning Analysis — Reconstructing the Shai-Hulud Attack🚨
1️⃣The NPM ecosystem has suffered another large-scale package poisoning attack, closely tied to the Shai-Hulud incident (Sept 2025). This new wave embedded malicious payloads inside widely used packages to steal developer secrets, cloud credentials, and environment variables — then uploaded exfiltrated data to attacker-controlled GitHub repositories.
Our Web3 threat-intelligence & real-time monitoring platform #MistEye responded immediately and swiftly pushed relevant threat intelligence to provide critical security protection for our clients.
📌For the full list of IoCs, please see the detailed analysis: https://slowmist.medium.com/threat-intelligence-npm-supply-chain-poisoning-analysis-reconstructing-the-shai-hulud-attack-ec0b2da86aa8
2️⃣Technical Breakdown🔍
Using the package @asyncapi/php-template@0.1.1 as an example:
🔹The attacker added two JS files: setup_bun.js and an obfuscated bun_environment.js — plus a new preinstall script.
🔹During installation, the script auto-installs Bun, configures environment variables, then uses it to run the malicious payload.
🔹After partial deobfuscation, the aL0() function was identified as the main entry point for data theft, credential harvesting, and supply-chain propagation.
3️⃣Credential Theft Across AWS / GCP / Azure🕵️
The payload aggressively hunts for all accessible cloud secrets:
🔹AWS
• runSecrets() + listAndRetrieveAllSecrets() scan all credentials & all regions
• Extracts every available SecretString / SecretBinary
• enumerateValidCredentials() gathers usable creds from env vars, config files, and CLI sessions
🔹GCP
• Enumerates all project Secrets
• Retrieves latest plaintext versions via accessSecretVersion()
🔹Azure
• Discovers all Key Vaults in the subscription
• Extracts every secret via getSecret()
Attackers also embedded TruffleHog inside the malware — turning a legitimate security tool into a weapon for scanning the victim’s entire filesystem for additional secrets.
4️⃣NPM Supply-Chain Worm Propagation🐛
The script includes an updatePackage() function enabling worm-like spread:
🔹Uses stolen NPM tokens
🔹Downloads packages the victim is authorized to publish
🔹Injects malicious preinstall scripts
🔹Inserts the payload
🔹Auto-bumps the version number
🔹Publishes poisoned versions to the official NPM registry
5️⃣Backdoor via GitHub Self-Hosted Runners💀
Using a stolen GitHub token, the payload:
🔹Creates a new repo in the victim’s account
🔹Registers the victim’s machine as a self-hosted GitHub Actions runner
🔹Injects malicious workflow files
🔹Enables full remote code execution (RCE)
Exfiltrated secrets are Base64-encoded twice and uploaded to the attacker-controlled repo — all labeled “Sha1-Hulud: The Second Coming.”
6️⃣Conclusion & Recommendations⚠️
This attack combines:
✔Supply-chain propagation
✔Cloud-credential harvesting
✔TruffleHog-based filesystem scanning
✔Long-term persistence via self-hosted runners
🔐We strongly recommend:
🔹Lock dependency versions strictly (pin exact versions; avoid caret/tilde ranges that pull in new versions automatically);
🔹Conduct internal security reviews before upgrading any dependency;
🔹Monitor NPM/GitHub activity for unknown version bumps, unusual tokens, and runner registrations;
🔹Use platforms like MistEye to receive real-time APT and supply-chain threat intelligence.
🌟If you need enterprise-grade intelligence on #APT activity, dependency poisoning, and supply-chain threats, contact us to access MistEye: https://misteye.io/ (SlowMist)