Leaked Shai-Hulud malware fuels new npm infostealer campaign
Leaked Shai-Hulud malware is driving a new npm infostealer campaign, with four typosquatted packages (chalk-tempalte, @deadcode09284814/axios-util, axois-utils, color-style-utils) that exfiltrate credentials, secrets, and crypto wallet data; one also acts as a DDoS bot. Chalk-tempalte appears to be a Shai-Hulud clone deployed by a copycat actor (not TeamPCP). Stolen data is sent to a C2 server at 87e0bbc636999b.lhr.life. Researchers urge removing infected packages and rotating credentials/API keys; the four packages have about 2,678 downloads.

Shai-Hulud Reappears in npm Infostealer Campaign
Overview
A recent wave of malware leveraging the leaked Shai-Hulud framework has surfaced on the Node Package Manager (npm) index. The new campaign uses infected npm packages to harvest developer credentials, secrets, cryptocurrency wallet data, and various account details. Several of the packages also include capabilities to turn infected machines into botnets capable of distributed denial-of-service (DDoS) activity. The activity follows earlier Shai-Hulud deployments that targeted open-source ecosystems and spread through supply-chain compromises.
The Actors and Campaign Context
A threat actor using the handle deadcode09284814 published a set of malicious packages on npm over the weekend. The campaign is notable for typosquatting — employing misspelled package names to lure Axios users and other developers. The campaign marks the first documented instance of a Shai-Hulud clone deployed on npm, according to researchers, who describe the variant as an unmodified copy of the leaked source code lacking obfuscation. The campaign’s message history traces back to a GitHub origin with a claim from TeamPCP, the same group associated with earlier Shai-Hulud activity. The leaked Shai-Hulud code had previously appeared on GitHub, accompanied by a taunting note, and researchers observed rapid copying and modification by various actors to broaden capabilities.
The Four Malicious Packages
Four packages were identified in this wave, each rooted in typosquatting and designed to exfiltrate sensitive information. Highlights include:
- chalk-tempalte — A Shai-Hulud clone functioning as an information stealer.
- @deadcode09284814/axios-util — A credential and cloud config stealer.
- axois-utils — An infostealer with persistent DDoS botnet capabilities, described by researchers as a “phantom bot.”
- color-style-utils — A basic infostealer targeting cryptocurrency wallets and IP-related data.
Technical observations
- The chalk-tempalte package contains a near-exact replica of the Shai-Hulud malware code without obfuscation. This makes it easier to analyze but also indicates a lack of additional protective measures by the actor.
- All four packages include routines to exfiltrate credentials and configuration files to a command-and-control (C2) server, with exfiltration destinations pointing to a C2 host at the subdomain 87e0bbc636999b[.]lhr[.]life.
- The malware preserves GitHub publishing capabilities, enabling stolen credentials to be uploaded to public, auto-generated repositories.
Malware Capabilities and Exfiltration Targets
- Credential and secret theft: The core capability across the campaigns is to harvest user credentials, API keys, and other sensitive configuration data.
- Wallet and account data: The malware targets cryptocurrency wallets and other financial account information.
- Public exfiltration: Stolen data is uploaded to accessible GitHub repositories, consistent with earlier Shai-Hulud operations.
- Botnet functionality: In addition to information theft, at least one package (axois-utils) includes a botnet component capable of orchestrating DDoS activities across HTTP, TCP, UDP floods, and TCP reset attacks. The code also references a “phantom bot” in internal notes.
C2 Infrastructure and Data Flows
- Exfiltration path: Stolen data is sent to a centralized C2 server, establishing long-lived data channels for credential leakage and configuration harvesting.
- Persistence and reach: The malware maintains publication tooling, which can re-upload collected data to public repositories, increasing exposure and persistence for the actors.
Campaign Timeline and Historical Context
- The current npm wave follows a broader Shai-Hulud-led campaign that began surfacing around September 2025, involving self-propagating supply-chain attacks that compromised dozens of npm packages. In those operations, attackers injected malicious code into legitimate projects, stole credentials, and exposed exfiltrated data in public repositories.
- Prior reporting identifies TeamPCP as a principal actor behind the original Shai-Hulud activity, with subsequent clones and copycats emerging across code hosting platforms.
- The npm activity shows a rapid replication pattern: leaked Shai-Hulud code was copied almost verbatim by different actors, who then added their own minor modifications or repurposed functionalities.
Researcher Findings and Attribution
- OxSecurity, a security research firm focusing on application security across development lifecycles, observed the npm campaign and documented the typosquatted package names, the unmodified Shai-Hulud clone, and the inclusion of a DDoS bot component in axois-utils.
- The researchers’ analysis emphasizes that the chalk-tempalte package appears to be the first documented Shai-Hulud clone on npm, though not a sophisticated variant; rather, it demonstrates the ease with which leaked code can be repurposed for new targets.
- Evidence ties some activity to TeamPCP, but the cloning behavior and lack of obfuscation suggest multiple actors adopting the same baseline toolset.
Impact and Scope
- Package reach: The four identified npm packages accumulated a combined download count of approximately 2,678, indicating a moderate level of spread within the npm ecosystem.
- Data risk: The campaign disproportionately risks exposing credentials, cloud configuration details, and wallet information for developers and teams relying on affected packages.
- Public exposure: The exfiltrated data’s appearance in public repositories increases risk exposure and makes post-compromise forensics more challenging.
Observations from the Security Community
- The use of typosquatting remains a consistent tactic for targeting developers who rely on popular libraries and utilities (such as Axios). This tactic increases the probability of victims installing malicious packages inadvertently.
- The combination of information theft with botnet functionality underscores a trend toward multifaceted malware in supply-chain contexts, where attackers aim to maximize both data leakage and disruption potential.
- The persistence of Shai-Hulud as a modular framework demonstrates how leaked source code can spawn diverse variants across ecosystems, from GitHub to npm and beyond.
Scope of the Infected Packages
- The four packages were identified in the npm index, each carrying a slightly different payload but sharing the core objective of credential and data exfiltration. The presence of a botnet-capable package among the set highlights a broader spectrum of potential attacker objectives beyond stolen data.
Related Context and Further Reading
- Shai-Hulud attack on TanStack and Mistral-npm packages
- New Shai-Hulud malware wave affecting hundreds of npm packages
- Other npm package compromises aimed at credential theft
- Open inquiries into TeamPCP’s broader activities and code repos
Conclusion
The latest npm-based campaign demonstrates the continuing risk posed by leaked malware toolchains when they migrate across software supply chains. The combination of credential theft, wallet data targeting, and DDoS capabilities within a single campaign illustrates the evolving threat landscape for developers and organizations relying on npm packages. The observed activity reinforces the importance of vigilance around typosquatting, regular package audits, and careful credential management in development environments.
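As an added defensive example (not code from the article or from OxSecurity), the following Node.js check audits a package-lock.json for the four package names reported in this campaign and for names one edit away from the legitimate packages they imitate, covering both the typosquatting observation and the package-audit recommendation above. The allow-list of legitimate names and the sample lockfile are constructed for the demonstration.

```javascript
// Added example, not code from the article or OxSecurity: audit a package-lock.json for the
// four package names this campaign used and for names one edit away from the legitimate
// packages they imitate (a defensive check, run offline on a constructed lockfile below).
const KNOWN_MALICIOUS = new Set([
  "chalk-tempalte", "@deadcode09284814/axios-util", "axois-utils", "color-style-utils",
]);
// Legitimate names the typosquats imitate; an assumed allow-list for this demo.
const LEGIT = ["axios", "chalk", "chalk-template"];

// Optimal string alignment distance: substitution, insertion, deletion and an adjacent
// swap each cost 1, so "tempalte"/"template" and "axois"/"axios" both score 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) =>
    Array.from({ length: b.length + 1 }, (_, j) => (i === 0 ? j : j === 0 ? i : 0)));
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}
// Drop an npm scope and a trailing -util/-utils so "@x/axios-util" compares as "axios".
const baseName = (name) => name.replace(/^@[^/]+\//, "").replace(/-utils?$/, "");

// Walk the lockfile's "packages" map and return one finding per suspicious entry.
function auditLockfile(lockJson) {
  const findings = [];
  for (const key of Object.keys(JSON.parse(lockJson).packages || {})) {
    if (key === "") continue; // root project entry
    const name = key.replace(/^.*node_modules\//, "");
    if (KNOWN_MALICIOUS.has(name)) {
      findings.push({ name, reason: "known malicious package from the reported campaign" });
      continue;
    }
    for (const legit of LEGIT) {
      const dist = editDistance(baseName(name), legit);
      // distance 1 is a classic typosquat; distance 0 under a scope is a scoped lookalike
      if (dist === 1 || (dist === 0 && name.startsWith("@"))) {
        findings.push({ name, reason: `lookalike of "${legit}" (edit distance ${dist})` });
      }
    }
  }
  return findings;
}
// Constructed sample lockfile fragment: one legitimate dependency and two lookalikes.
const SAMPLE_LOCK = JSON.stringify({ packages: { "": { name: "demo-app" }, "node_modules/axios": {},
  "node_modules/axois-utils": {}, "node_modules/@someone/chalk-tempalte": {} } });
```

Run it against a real lockfile with `auditLockfile(fs.readFileSync("package-lock.json", "utf8"))`; an empty result means none of the listed or lookalike names are installed, not that the tree is clean in general.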