Close Menu
    What's Hot

    Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

    21 leaders on making cross-functional collaboration work

    Trump again makes unverifiable claims of noncitizen voting

    Facebook X (Twitter) Instagram
    Trending
    • Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor
    • 21 leaders on making cross-functional collaboration work
    • Trump again makes unverifiable claims of noncitizen voting
    • SpaceX suddenly aborts second Starship V3 launch after ignition
    • VNET Group Stock: Signed Capacity Can Drive The Next Earnings Ramp (NASDAQ:VNET)
    • England can learn from ‘phenomenal’ Joe Root after match-winning 99 not out vs India in second ODI, says Harry Brook | Cricket News
    • Live Updates: Trump Exaggerates Claims About Election Vulnerabilities in Speech
    • How three Ivorian firms are competing with global brands | Economy News
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

    adminBy adminMay 19, 2026No Comments5 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Mini Shai-Hulud Pushes Malicious AntV npm Packages via Compromised Maintainer Account

    Cybersecurity researchers have discovered a fresh software supply chain attack campaign that has compromised various npm packages associated with the @antv ecosystem as part of the ongoing Mini Shai-Hulud attack wave.

    “The attack affects packages tied to the npm maintainer account atool, including echarts-for-react, a widely used React wrapper for Apache ECharts with roughly 1.1 million weekly downloads,” Socket said.

    The list of affected packages include @antv packages such as @antv/g2, @antv/g6, @antv/x6, @antv/l7, @antv/s2, @antv/f2, @antv/g, @antv/g2plot, @antv/graphin, and @antv/data-set, as well as related packages outside the @antv namespace, including echarts-for-react, timeago.js, size-sensor, canvas-nest.js, and others.

    The application security company said the tradecraft matches Mini Shai-Hulud, where a compromised maintainer account is leveraged to push out trojanized versions in quick succession.

    The development comes as the supply chain attack campaign continues to slither its way through the software supply chain, worming through different open-source registries rapidly and infecting hundreds of software packages by embedding credential-stealing code into popular development tools.

    Cybersecurity

    “The potential blast radius is significant because the affected publishing account is connected to widely used packages across data visualization, graphing, mapping, charting, and React component ecosystems,” Socket said. “Even if only a subset of those packages received malicious updates, the popularity of the package ecosystem creates meaningful downstream exposure for organizations that automatically pull new dependency versions.”

    The attacker is said to have published 639 malicious versions across 323 unique packages, including 558 versions across 279 unique @antv packages. The stealer payload harvests more than 20 credential types, Amazon Web Services, Google Cloud, Microsoft Azure, GitHub, npm, SSH, Kubernetes, Vault, Stripe, database connection strings, and attempts Docker container escape via the host socket. The stealer is identical to the Mini Shai-Hulud payload used in the SAP compromise.

    The collected data is eventually serialized, compressed, encrypted, and exfiltrated to the domain (“t.m-kosche[.]com:443”). As a fallback mechanism, the malware leverages the stolen GitHub token to create a public repository under the victim’s account and commit the data in a JSON file.

    The repositories feature the description “niagA oG eW ereH :duluH-iahS,” which reverses to “Shai-Hulud: Here We Go Again.” As of writing, there are more than 2,500 repositories in GitHub containing this marker.

    Shai-Hulud Framework

    “These repositories are created using GitHub tokens stolen from compromised CI/CD environments,” StepSecurity said. “The sheer volume, over two thousand repositories, provides a lower bound on the number of unique environments whose credentials were successfully exfiltrated. If your GitHub token was among those stolen, the attacker has used it to create at least one of these repositories under an account they control.”

    Furthermore, the malware incorporates an npm propagation logic that abuses the stolen npm tokens to first validate them through the npm registry API, enumerates packages maintained by the token owner, downloads package tarballs, injects the malicious payload, adds a preinstall hook, increases the package versions, and republishes them using the compromised maintainer’s identity.

    “The attack uses two execution paths,” SafeDep said. “Each compromised version adds a preinstall hook (bun run index.js). 630 of the 631 malicious versions also inject an optionalDependencies entry [pointing to imposter commits] that delivers a second copy of the payload via the legitimate antvis/G2 GitHub repository.”

    “The 22-minute publish burst across 314 packages (631 versions), with an identical obfuscated payload, rules out a gradual or targeted operation. This was automated, rapid exfiltration using a stolen token.”

    The self-replicating Mini Shai-Hulud campaign is assessed to be the work of a financially motivated threat actor named TeamPCP. However, as of last week, the activity has entered an aggressive, new phase after TeamPCP released the entire source code for other threat actors to use as part of a supply chain attack contest announced in partnership with BreachForums.

    Cybersecurity

    “The open-sourcing of a production offensive framework is not unprecedented, but it’s unusual for an active campaign,” Datadog said. “It lowers the barrier for other actors to adopt TeamPCP’s playbook including the more sophisticated techniques like OIDC token abuse, provenance forgery, and AI tool persistence hooks.”

    Since then, an unknown threat actor has uploaded four malicious npm packages, one of which contains a near-verbatim copy of the Shai-Hulud worm with its own command-and-control infrastructure, an indication that cloned versions of the worm may infest open-source ecosystems.

    This copycat wave, in turn, complicates attribution efforts, while the attacks continue to facilitate credential theft and open the door for follow-on exploitation. The incident once again demonstrates how compromising tools that are already trusted inside enterprise networks can be abused as delivery vehicles for malware. What makes the campaign truly dangerous is that one compromise feeds into the next, resulting in an ever-expanding blast radius as more packages are hacked.

    “This campaign is built for credential theft at scale,” Trend Micro said in a report last week. “Organizations using GitHub Actions, PyPI, Docker Hub, GHCR [GitHub Container Registry], VS Code extensions, and cloud-connected CI runners are directly exposed to this risk.”

    account AntV Compromised Maintainer malicious Mini npm Packages pushes ShaiHulud
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous ArticleSmart rings compared: Oura, Samsung, and the no-fee newcomers
    Next Article Pep Guardiola will leave Man City having transformed English football from the top down – Between the Lines | Football News
    admin
    • Website

    Related Posts

    Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

    July 17, 2026

    New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

    July 17, 2026

    San Francisco mayor pushes for tougher rules after the Waymo traffic fiasco

    July 17, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

    21 leaders on making cross-functional collaboration work

    Trump again makes unverifiable claims of noncitizen voting

    SpaceX suddenly aborts second Starship V3 launch after ignition

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by