In September 2025, the open-source world faced one of the most alarming security crises in recent memory: a coordinated, double-pronged assault on the npm ecosystem. Two sophisticated attacks — the Shai-Hulud worm, a credential-theft supply chain compromise, and a cryptocurrency hijacking operation targeting browser wallets — were uncovered by cybersecurity researchers. Together, they exposed critical vulnerabilities in modern software supply chains, compromising hundreds of npm packages, threatening billions of downloads, and shaking confidence across the global software development community.
Attack 1: The Shai-Hulud Worm
The Shai-Hulud worm was first discovered by security teams at Trend Micro, TrueSec, and The Hacker News. It targeted over five hundred npm packages by exploiting a sophisticated phishing campaign to compromise maintainer accounts. Once attackers gained access, they modified package files, embedding malicious scripts — notably bundle.js — into otherwise legitimate packages. These trojanized versions were then republished to npm, quietly spreading the infection to downstream projects that relied on them.
The altered packages also contained modified package.json configurations and persistent GitHub workflows, ensuring ongoing access for the attackers. The payload was designed to scour developer environments for sensitive data using tools such as TruffleHog, harvesting credentials including GitHub tokens, npm tokens, and cloud service keys. These secrets were stealthily exfiltrated to attacker-controlled servers.
The consequences were catastrophic: a self-replicating worm capable of cascading compromise across the npm ecosystem. Even removing a malicious package was insufficient to eradicate the threat, since infected workflows could reinfect repositories — creating a persistent, long-term vulnerability that developers now must grapple with.
Attack 2: Cryptocurrency Hijacking
Almost simultaneously, researchers at Palo Alto Networks uncovered a second attack within the npm ecosystem. This operation focused on hijacking cryptocurrency transactions by injecting malicious code into around forty npm packages, with some overlap with Shai-Hulud’s targets.
The malicious payload targeted browser-based cryptocurrency wallets, hooking into wallet interfaces such as window.ethereum and the Solana wallet APIs to monitor and intercept transaction data. When developers or end-users engaged with compromised packages, the malicious code silently monitored transaction payloads and wallet addresses. Before a transaction could be completed, the code altered the transaction data, diverting funds to attacker-controlled addresses. This attack was striking in its stealth, avoiding detection and directly siphoning cryptocurrency without warning.
Oddly, despite the enormous scale of these attacks, researchers found the total financial gain was laughably small — about five hundred dollars in cryptocurrency. This has led experts to speculate the motive might extend beyond monetary gain, possibly as a test of new attack methods, a demonstration of technical skill, or a deliberate attempt to sow disruption in the open-source community.
Technical Anatomy of the Attacks
The Shai-Hulud worm worked by retrieving legitimate package tarballs, modifying package.json files, and injecting malicious bundle.js scripts. These altered packages were then republished to npm, allowing the malicious code to spread through dependent projects. Its payload focused on credential theft and persistence, scanning systems for secrets and embedding GitHub Actions workflows to maintain continuous access.
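To make the indicators from the two Shai-Hulud descriptions above concrete, here is an added pre-install check (example code, not from the article or any vendor tool) that inspects a parsed package.json and the tarball's file list for the three traits described: an install hook that runs bundle.js, an unreferenced bundle.js, and a shipped GitHub workflow. The sample manifests, version numbers, and the workflow file name ci-backup.yml are constructed for the demonstration.

```javascript
// Added example (not from the article): flag Shai-Hulud-style indicators in an npm
// package before it is installed. Input is the parsed package.json plus the list of
// files in the tarball; both are constructed here. The indicators follow the article:
// a bundle.js payload, an install hook that runs it, and a shipped GitHub workflow.
'use strict';

const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

function findIndicators(manifest, files) {
  const findings = [];
  const scripts = manifest.scripts || {};

  // Lifecycle hooks run automatically on `npm install`; one that executes a
  // script shipped inside the tarball is how the worm gets its first execution.
  for (const hook of LIFECYCLE_HOOKS) {
    const cmd = scripts[hook];
    if (cmd && /\bnode\s+\S*bundle\.js\b/.test(cmd)) {
      findings.push(`${hook} hook runs bundle.js: "${cmd}"`);
    }
  }

  // A bundle.js at the package root that the manifest's entry point never references.
  const main = manifest.main || '';
  if (files.includes('bundle.js') && !main.endsWith('bundle.js')) {
    findings.push('unreferenced bundle.js in tarball');
  }

  // Published packages normally do not ship CI workflows; one in the tarball matches
  // the persistence mechanism the article describes.
  for (const f of files) {
    if (f.startsWith('.github/workflows/')) findings.push(`workflow file shipped: ${f}`);
  }
  return findings;
}

// Constructed samples: a trojanized release and the clean one before it.
const trojanized = {
  name: 'example-lib', version: '4.1.8', main: 'index.js',
  scripts: { postinstall: 'node bundle.js', test: 'jest' },
};
const trojanizedFiles = ['package.json', 'index.js', 'bundle.js', '.github/workflows/ci-backup.yml'];
const clean = { name: 'example-lib', version: '4.1.7', main: 'index.js', scripts: { test: 'jest' } };
const cleanFiles = ['package.json', 'index.js'];

console.log(findIndicators(trojanized, trojanizedFiles));
console.log(findIndicators(clean, cleanFiles)); // []
```

In a real pipeline the file list would come from `npm pack --dry-run --json` or from listing the downloaded tarball, and any finding should block the install pending review.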
The cryptocurrency hijacking attack, in contrast, injected malicious code that integrated directly into browser wallet APIs. This allowed it to intercept and modify transaction data, redirecting funds without user knowledge. Together, these attacks show the increasing sophistication of supply chain compromises and their potential to cause cascading damage to software ecosystems.
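The hooking described for the wallet hijacker (both in the attack summary and here) is something a dApp can check for at page load. The following added example, not from the article or any wallet vendor, audits the fetch and XMLHttpRequest globals for non-native replacements and verifies that ethereum.request is still the function object captured when the page loaded; the globals are passed in as an object, and the Node stand-ins for browser built-ins are constructed for the demonstration.

```javascript
// Added example (not from the article): a page-load integrity audit for the
// browser objects the article says the hijacker hooked (window.ethereum's
// request API and the fetch / XMLHttpRequest layer). The globals are passed in
// as an object so the check also runs under Node with constructed stand-ins.
'use strict';

// A genuine browser built-in stringifies to "function fetch() { [native code] }";
// a JavaScript wrapper installed by injected code stringifies to its own source.
// Caveat: code that also replaces Function.prototype.toString can defeat this,
// so treat it as one signal, not proof of integrity.
function isNative(fn) {
  return typeof fn === 'function' &&
    /\{\s*\[native code\]\s*\}\s*$/.test(Function.prototype.toString.call(fn));
}

// Wallet extensions inject window.ethereum as ordinary JavaScript, so it cannot
// pass the native test. Instead the dApp captures ethereum.request once, as early
// as possible, and later checks that the same function object is still installed.
function auditGlobals(globals, trustedRequest) {
  const hooked = [];
  for (const name of ['fetch', 'XMLHttpRequest']) {
    if (name in globals && !isNative(globals[name])) hooked.push(name);
  }
  const eth = globals.ethereum;
  if (eth && trustedRequest && eth.request !== trustedRequest) hooked.push('ethereum.request');
  return hooked;
}

// Constructed stand-ins (Node has no XMLHttpRequest and implements fetch in JS,
// so real native built-ins play the role of untouched browser functions).
const nativeFetch = Math.max;
const nativeXhr = Array;
const walletRequest = async (args) => ({ method: args.method, params: args.params });

const cleanGlobals = { fetch: nativeFetch, XMLHttpRequest: nativeXhr, ethereum: { request: walletRequest } };

// The same page after injected code has wrapped fetch and replaced ethereum.request.
const hookedGlobals = {
  fetch: (...args) => nativeFetch(...args),
  XMLHttpRequest: nativeXhr,
  ethereum: { request: async (args) => walletRequest(args) },
};

console.log('clean  :', auditGlobals(cleanGlobals, walletRequest));  // []
console.log('hooked :', auditGlobals(hookedGlobals, walletRequest)); // [ 'fetch', 'ethereum.request' ]
```

The check only tells the dApp that something is interposed; the recipient address shown on the wallet's own confirmation screen remains the user's last line of defence.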
Affected Packages and Ecosystem Impact
The Shai-Hulud worm infected more than five hundred npm packages, including widely used libraries such as @ctrl/tinycolor, @nativescript-community/gesturehandler, koa2-swagger-ui, and react-jsonschema-form-conditionals. The cryptocurrency hijacking operation targeted about forty packages, including common development dependencies such as ansi-styles@6.2.2, debug@4.4.2, chalk@5.6.1, and supports-color@10.2.1.
These are not niche libraries — they are core dependencies with millions of weekly downloads. The scale means the impact of both attacks spread across countless projects and organizations, posing a major threat to software supply chain integrity worldwide.
Responsibility and Attribution
No individual or group has claimed responsibility for these attacks. Investigations by cybersecurity firms confirmed the high level of sophistication involved, but the perpetrators remain unidentified. The absence of a claim may be intentional, allowing the attackers to avoid detection and law enforcement, leaving their motive and origin in question. The complexity and scale strongly suggest a well-resourced, organized threat actor.
Consequences and Implications
The combined impact of these dual attacks is staggering. The Shai-Hulud worm enabled unauthorized access to developer accounts, npm registries, and cloud environments, creating a cascading compromise that propagated across thousands of packages. Its persistence mechanisms ensured the threat would linger, able to reinfect repositories even after remediation. The cryptocurrency hijacking attack added direct financial theft to the equation, albeit with surprisingly minimal gain. Together, these incidents stand as one of the most dangerous supply chain attacks in history, demonstrating how attackers can exploit open-source ecosystems with unprecedented scale and precision.
A Wake-Up Call for Open Source
The September 2025 npm supply chain attacks — Shai-Hulud and cryptocurrency hijacking — are a wake-up call. This was not an isolated incident, but a coordinated, dual assault on the heart of the npm ecosystem. Their scale and sophistication — paired with the surprising revelation of minimal financial gain and no claim of responsibility — mark a dangerous new chapter in supply chain threats. For developers, organizations, and the open-source community, this should serve as a stark reminder: strengthen supply chain hygiene, enhance security practices, and invest in proactive defenses to safeguard the integrity of software ecosystems going forward.