Critical npm flaw lets attackers steal GitHub, AWS, Kubernetes secrets

Jennifer Sherman
May 14, 2026

Key Takeaways

  • A widespread supply chain attack, dubbed “Shai-Hulud: Here We Go Again,” has compromised over 170 npm packages and two PyPI packages.
  • The attacker group, TeamPCP, injected malicious loaders and obfuscated JavaScript payloads designed to steal sensitive credentials from developer machines and CI/CD pipelines.
  • The malware exhibits worm-like behavior, self-replicating and spreading by using stolen credentials to inject malicious code into additional packages and republish them.
  • Affected credentials include GitHub tokens, npm credentials, AWS access keys, Kubernetes service account tokens, HashiCorp Vault tokens, SSH keys, Docker credentials, and generic API keys.
  • A “dead-man switch” mechanism is present, which triggers a destructive wipe of the infected machine if a stolen GitHub token is revoked before persistence is fully removed.

Widespread Supply Chain Attack Targets Developer Ecosystems

A sophisticated supply chain attack is currently impacting software developers globally, with more than 170 npm packages and two PyPI packages compromised in a coordinated credential theft campaign. This extensive operation poses a significant risk to development environments, given that the affected packages collectively receive over 200 million weekly downloads.

The threat actor, identified as TeamPCP, has embedded malicious loaders and obfuscated JavaScript payloads into widely used developer dependencies. These insidious payloads are engineered to operate covertly within developer workstations and Continuous Integration/Continuous Deployment (CI/CD) pipelines, systematically exfiltrating sensitive credentials and leveraging them to propagate the infection further. The sheer scale of this compromise has reportedly caught numerous development teams unprepared.

Researchers at JFrog, who uncovered the full scope of this campaign, have named it “Shai-Hulud: Here We Go Again,” noting its resemblance to previous attacks attributed to the same group. Their analysis indicates that this is not a one-off intrusion but a self-propagating mechanism designed for continuous expansion with each successful compromise.

How the Worm-like Malware Spreads

The attack vector originated within a trusted GitHub release environment. The attackers exploited a specific workflow pattern that permitted code from a forked repository to execute within a privileged context of the main repository. This initial breach allowed them to establish a foothold without immediately triggering security alerts. Subsequently, they corrupted a build cache entry, which was later restored during what appeared to be routine build processes, activating the malicious code.

Once active, the malware extracted GitHub Actions identity tokens directly from the runner’s memory, exchanging them for npm publishing credentials. It then injected its malicious code into additional packages, incremented their version numbers, and republished these infected versions. Each compromised package thus became a launchpad for subsequent infections, demonstrating a potent, worm-like propagation method.

This campaign is particularly concerning due to its self-replicating nature. Rather than simply extracting credentials and ceasing activity, the malware actively seeks to expand its footprint. After acquiring npm tokens or trusted-publishing credentials, the payload enumerates all packages the compromised account has publishing rights to, re-injects them with malicious code, and pushes new, infected versions to the public registry. This ensures persistent and expanding access for the attackers.

Further enhancing its stealth, the malware can also request an OpenID Connect (OIDC) token for the npm registry, which it then exchanges for a publishing token. This process allows infected packages to appear as if they originate from verified, trusted sources, effectively masking the embedded malware.

The campaign’s reach extended beyond npm to the Python ecosystem, compromising two PyPI packages. The PyPI variant is activated upon package import in any Python script. This loader then silently fetches a remote payload from attacker-controlled servers. This second-stage payload has since evolved into a comprehensive credential stealer, targeting cloud providers, Kubernetes, HashiCorp Vault, password managers, and various developer tools.

Credential Theft and the Dead-Man Switch

The npm payload is designed to harvest a broad array of sensitive credentials. This includes GitHub tokens, npm credentials, AWS access keys (obtained from environment variables and cloud metadata services), Kubernetes service account tokens, HashiCorp Vault tokens, SSH keys, Docker credentials, and other generic API keys. In cloud environments, it specifically queries the EC2 metadata service to directly retrieve IAM role credentials.

For data exfiltration, the malware ingeniously utilizes GitHub itself. It creates a public repository using a stolen token, commits encrypted bundles of stolen credentials to it, and marks the repository with the campaign’s name for tracking. Commits containing stolen GitHub tokens are accompanied by a threatening message, warning defenders against revoking access.

This threat is enforced by a “dead-man switch.” The malware installs a background monitor that checks GitHub every 60 seconds. Should the stolen token be revoked, this monitor immediately triggers a destructive wipe command on the compromised machine. This mechanism presents a critical challenge for remediation: defenders must ensure all persistence mechanisms are completely removed before attempting to revoke any compromised credentials, to avoid inadvertently activating the wiper functionality.

JFrog strongly advises that all affected machines and CI/CD runners be isolated immediately. The first step in remediation is to thoroughly remove all persistence files and background services. Only after this initial cleanup should organizations proceed with rotating GitHub tokens, npm tokens, AWS credentials, Kubernetes service accounts, Vault tokens, and SSH keys.

Additionally, developers should meticulously review their repositories for commits authored by “[email protected]” and investigate any anomalous, Dependabot-like branches that deviate from established automation patterns.
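A triage helper for the repository review step just described, written here as an added example and not code from JFrog or the article: it walks `git log --all --source --format='%H|%an|%ae|%S'` output, flags commits by a suspect author address (the article shows the address only in obfuscated form, so a placeholder is used and must be replaced at run time) and flags branches named like Dependabot's that were not committed by the `dependabot[bot]` account (the bot name is an assumption). The log lines below are constructed sample input.

```python
import re
from dataclasses import dataclass

# Placeholder for the attacker author address named in the advisory; the
# article only shows it obfuscated, so supply the real value at run time.
SUSPECT_EMAILS = {"suspect-author@example.invalid"}
DEPENDABOT_NAME = "dependabot[bot]"  # assumption: GitHub's Dependabot account name
DEPENDABOT_BRANCH = re.compile(r"^refs/heads/dependabot/")


@dataclass(frozen=True)
class Finding:
    sha: str
    ref: str
    reason: str


def parse_line(line):
    """Split one '%H|%an|%ae|%S' log line into (sha, name, email, ref)."""
    sha, name, email, ref = line.rstrip("\n").split("|", 3)
    return sha, name, email, ref


def triage(lines):
    """Return findings for suspect authors and look-alike Dependabot branches."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        sha, name, email, ref = parse_line(line)
        if email.lower() in SUSPECT_EMAILS:
            findings.append(Finding(sha, ref, "commit by suspect author"))
        elif DEPENDABOT_BRANCH.match(ref) and name != DEPENDABOT_NAME:
            # Branch imitates Dependabot naming but the committer is not the bot.
            findings.append(Finding(sha, ref, "dependabot-like branch with non-bot author"))
    return findings


# Constructed sample of `git log --all --source --format='%H|%an|%ae|%S'` output.
SAMPLE_LOG = """\
a1b2c3d|Jane Dev|jane@example.invalid|refs/heads/main
b2c3d4e|dependabot[bot]|dependabot@example.invalid|refs/heads/dependabot/npm_and_yarn/lodash-4.17.21
c3d4e5f|Jane Dev|suspect-author@example.invalid|refs/heads/dependabot/npm_and_yarn/axios-1.7.0
d4e5f6a|Build Bot|ci@example.invalid|refs/heads/dependabot/npm_and_yarn/left-pad-1.3.0
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.sha}  {f.ref}: {f.reason}")
```

Run the real log through `triage()` in every repository the compromised account could publish from, since the worm republishes into any package that account holds rights to.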

Indicators of Compromise (IoCs)

  • IP Address 83.142.209.194: primary attacker C2 server and PyPI payload host
  • URL hxxps[:]//83.142.209.194/transformers.pyz: PyPI remote payload download URL
  • URL hxxps[:]//83.142.209.194/v1/models: PyPI early-quarantine / second-stage retrieval endpoint
