PostHog Hacked: Shai-Hulud 2.0 Worm Steals 25,000+ Developer Secrets via npm
For the PostHog team, maintainers of an open-source product analytics platform, the recent npm-based attack became the most serious security incident in the project's history. The breach was carried out by Shai-Hulud 2.0, a self-propagating npm worm: the attackers pushed malicious releases of PostHog's widely used JavaScript SDKs carrying a credential-stealing install script, harvested developers' access tokens with it, and then used those tokens to publish further compromised packages down the supply chain.
Core packages were hit, including posthog-node, posthog-js, and posthog-react-native. Each malicious version carried a hidden preinstall script, an npm lifecycle hook that runs automatically during `npm install`, before the package is ever imported by application code. The script ran the TruffleHog secret scanner over the host's files and configuration, looking for tokens and keys. Any secrets it found were uploaded to public GitHub repositories created specifically to collect the stolen data. From there the attack escalated: captured npm tokens were used to publish new infected versions of other packages, accelerating the worm's spread.
According to Wiz, one of the first companies to investigate the incident, within three days the malware had exposed secrets belonging to at least 25,000 developers. The impact extended far beyond PostHog's own users: infected dependencies reached packages from Zapier, AsyncAPI, ENS Domains, and Postman. Many of these are downloaded tens of thousands of times a week, which multiplied the blast radius of the compromise.
Shai-Hulud 2.0 behaved not as a typical trojan but as a full-fledged worm. It did not stop at stealing GitHub tokens or npm keys: the malicious packages also exfiltrated environment variables, cloud-platform credentials (AWS, GCP, Azure), and secrets from CI/CD pipelines and other internal infrastructure, and every publishing credential it captured became a new vector for spreading.
Once the attack was discovered, the PostHog team revoked all compromised keys, removed the infected SDK versions, and began publishing clean releases. Yet the most unsettling detail was how the attacker first got in: everything began with an ordinary pull request. Because of a misconfiguration in the CI pipeline (the familiar GitHub Actions pitfall in which a workflow triggered by pull_request_target checks out and runs code from the incoming branch), a script from the attacker's branch executed with the repository's full privileges. That exposed a bot token with write permissions across the entire organization, turning a pull request from a stranger into full control.
From there the compromise unfolded as a cascading chain. Using the stolen bot token, the attacker added a counterfeit linting step that looked like a style-checking tool. In reality it dumped every sensitive variable in the CI environment, including the npm publishing token, and that token is what made the mass publication of malicious SDK versions possible.
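The CI misconfiguration described above is a recognisable pattern, so here is an added example (not PostHog's workflow or tooling) that flags it: a line-based checker for a GitHub Actions workflow that runs with the repository's secrets while executing code from an untrusted pull request, run over a constructed vulnerable workflow and a constructed hardened one. It is a heuristic over the YAML text, not a full parse, and the two workflows are illustrations of the pattern, not PostHog's actual files.

```javascript
// Added example, not PostHog's own workflow or code: detect the "pull_request_target
// plus checkout of the PR head" anti-pattern. A workflow triggered that way runs
// with repository secrets and a write-capable GITHUB_TOKEN; if it also checks out
// the PR head and installs dependencies, a preinstall hook in the PR's package.json
// runs with all of that in scope.

// Checking out the PR head means the job executes whatever the fork's branch contains.
const PR_HEAD_REF = /github\.event\.pull_request\.head\.(sha|ref)/;
// Package-manager installs execute lifecycle hooks from the checked-out package.json.
const INSTALL_CMD = /\b(npm (ci|install)|pnpm install|yarn install|bun install)\b/;

function assessWorkflow(yamlText) {
  // Strip YAML comments (naive: assumes no '#' inside quoted strings).
  const lines = yamlText.split("\n").map((l) => l.replace(/#.*$/, ""));
  const usesPrTarget = lines.some((l) => /\bpull_request_target\b/.test(l));
  const checksOutPrHead = lines.some((l) => /^\s*ref:/.test(l) && PR_HEAD_REF.test(l));
  const runsInstall = lines.some((l) => INSTALL_CMD.test(l));
  const ignoresScripts = lines.some((l) => /--ignore-scripts\b/.test(l));

  let verdict;
  if (usesPrTarget && checksOutPrHead) {
    // Secrets and a privileged token are available, and the PR author controls
    // the code that runs: a single preinstall hook is enough to take it all.
    verdict = "critical";
  } else if (usesPrTarget) {
    // Secrets are in scope; acceptable only if nothing from the PR is executed.
    verdict = "review";
  } else {
    verdict = "ok";
  }
  return { usesPrTarget, checksOutPrHead, runsInstall, ignoresScripts, verdict };
}

// Constructed illustration of the weak configuration. Written as a list of
// lines so the ${{ }} expressions are not interpolated by JavaScript.
const VULNERABLE_WORKFLOW = [
  "name: lint",
  "on:",
  "  pull_request_target:",
  "    types: [opened, synchronize]",
  "jobs:",
  "  lint:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v4",
  "        with:",
  "          ref: ${{ github.event.pull_request.head.sha }}  # runs the fork's code",
  "      - uses: actions/setup-node@v4",
  "      - run: npm ci          # executes preinstall/postinstall from the PR",
  "      - run: npm run lint",
  "        env:",
  "          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}",
].join("\n");

// Constructed hardened counterpart: the plain pull_request trigger gives fork
// PRs no secrets and a read-only token, permissions are pinned to read, and
// the install skips lifecycle scripts.
const HARDENED_WORKFLOW = [
  "name: lint",
  "on:",
  "  pull_request:          # fork PRs get no secrets and a read-only token",
  "permissions:",
  "  contents: read",
  "jobs:",
  "  lint:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v4",
  "      - uses: actions/setup-node@v4",
  "      - run: npm ci --ignore-scripts",
  "      - run: npm run lint",
].join("\n");

for (const [label, wf] of [["vulnerable", VULNERABLE_WORKFLOW], ["hardened", HARDENED_WORKFLOW]]) {
  console.log(label, assessWorkflow(wf));
}
```

Point the checker at every file under .github/workflows; a "critical" verdict means a fork can run its own code with the repository's secrets, and "review" means the trigger is dangerous even if the current steps happen not to execute PR content, because a later edit to the workflow can change that.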
In response, PostHog announced a set of hardening measures. The company is abandoning token-based publishing from CI in favour of npm's trusted publishing model, in which the registry verifies a short-lived OIDC identity presented by the CI provider instead of trusting a long-lived npm token stored as a secret. Install scripts are now disabled in the build process (npm's ignore-scripts setting), and any change to workflow files must undergo manual review.
This incident illustrates once again how exposed even major open-source projects remain. A single inconspicuous PR, an automatically triggered pipeline without safeguards, and an over-privileged service account: together these give an attacker everything needed to enter the supply chain and start stealing the secrets of thousands of developers.