Shai-Hulud 2.0 Malware Hits NPM: is Your Organization Exposed?

Blog November 25, 2025
Shri Chickerur, VP of Customer Success, ArmorCode

Between November 21-23, 2025, attackers compromised over 700 NPM packages in one of the largest supply chain attacks on record. Major organizations, including Zapier, Postman, ENS Domains, and PostHog, were affected. If your team uses NPM, you need to act now.

What Happened?

The attackers created over 25,000 malicious repositories across 350+ GitHub accounts, with new compromised repos appearing at roughly 1,000 per hour during peak activity.

This is the second wave: the original “Shai-Hulud” attack occurred on September 16, 2025. The timing of this new attack, just before GitHub’s NPM December 9th deadline to revoke legacy tokens, suggests sophisticated threat actors are racing against security improvements.

How the Attack Works

The malware executes during package installation via a setup_bun.js script. Once active, it:

  1. Registers infected machines as self-hosted GitHub Actions runners named “SHA1HULUD”
  2. Steals credentials using TruffleHog to scan for NPM tokens, GitHub PATs, SSH keys, and cloud credentials
  3. Enables remote control by allowing attackers to execute commands through GitHub discussions
  4. Wipes data if detected, destroying the developer’s home directory as a scorched-earth tactic

The persistence mechanism survives reboots, turning developer machines into long-term backdoors.

Immediate Actions Required

  1. Audit Dependencies: Pin packages to known, clean versions
  2. Hunt for Compromise: Search for repositories with “Shai-Hulud” or “SHA1HULUD” in names/descriptions. Check for unauthorized GitHub Actions runners.
  3. Review Logs: Look for suspicious workflows or commits referencing “hulud” in your GitHub Actions history.

How ArmorCode is Helping its Customers

ArmorCode correlates the finding data with open-source package information and identifies if any infected packages exist in the customer environment.

  1. Saved Searches: ArmorCode’s pre-configured saved searches instantly filter and identify findings containing the affected NPM packages across your entire environment.
  2. Software Supply Chain Module: View all of your software components in one centralized dashboard to quickly locate compromised packages and assess your exposure.
  3. Agentic AI Anya: Simply ask, “Am I affected by Shai-Hulud 2.0?” and get an instant analysis of your organization’s risk in seconds.

Protecting Your Organization Going Forward

  • Enforce phishing-resistant MFA on all developer accounts
  • Restrict lifecycle scripts (preinstall/postinstall) in CI/CD
  • Use short-lived tokens with minimal scope instead of long-lived credentials
  • Pin exact versions of dependencies instead of using version ranges
  • Maintain an SBOM to track all dependencies, including transitive ones

The Bottom Line

Shai-Hulud 2.0 proves that supply chain attacks are becoming more sophisticated and destructive. The attackers compromised trusted packages from legitimate organizations, used development infrastructure as cover, and built in data destruction capabilities. This isn’t going away: organizations need continuous monitoring and rapid response capabilities to stay protected.

Don’t wait for the next attack. Review your security posture and implement these mitigations today.