Skip to content

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology

Information Security News

  • Home
  • Cyber Security
  • Cybercriminals
  • Data Leak
  • Google
    • Android
  • Information Security
  • Linux
  • Malware
  • Microsoft
    • Windows
  • Open Source Tool
  • Vulnerability
  • Technology
  • Malware

Shai-Hulud Malware Hits @antv Ecosystem, Poisoning Hundreds of npm Packages

by Nam Phong · May 20, 2026

The npm ecosystem has been subjected to a massive, highly coordinated supply-chain assault. Within a compressed one-hour envelope, threat actors successfully forced hundreds of malicious versions of popular libraries into the registry, actively targeting downstream developers and continuous integration build systems. This campaign, explicitly linked to the Shai-Hulud threat lineage, poses a severe risk because the corrupted distributions convincingly mimicked standard, benign software updates.

According to telemetry published by Socket, the adversaries distributed 639 malicious versions spanning 323 unique packages on May 19 between 04:56 and 05:56 MSK. The primary focus of the incursion targeted the @antv organization, an enterprise ecosystem responsible for widely deployed data visualization, graphing, flowcharting, and mapping libraries. Conspicuous among the compromised assets were @antv/g2, @antv/g6, @antv/x6, @antv/l7, echarts-for-react, timeago.js, size-sensor, and canvas-nest.js.

The genesis of the infection chain trace back to the credential compromise of the atool npm administrative account, a trusted identity utilized to publish portions of the @antv portfolio. The malicious payloads were programmatically injected directly into the core index.js files, engineered to systematically harvest active GitHub and npm session tokens, cloud infrastructure keys, Kubernetes configuration maps, HashiCorp Vault secrets, Docker credentials, SSH keys, local database connection strings, and sensitive environment variables from active CI/CD pipelines. This aggressive harvesting mechanism concurrently impacted local developer workstations and major cloud compilation platforms, including GitHub Actions, GitLab CI, Jenkins, Azure DevOps, CircleCI, Vercel, and Netlify.

To obscure its outbound egress footprint from standard network monitoring utilities, the exfiltrated data was encrypted and routed utilizing the decentralized Session P2P network protocol. Upon establishing access to an intercepted GitHub profile, the malware programmatically initialized clandestine repositories within the victim’s own account to serve as drop zones for the stolen telemetry. Aikido Security initially identified over 2,700 such illicit repositories, a metric that rapidly escalated past 2,900 just prior to public disclosure.

Technical analysis from Endor Labs highlighted an especially alarming architectural evolution: this contemporary iteration of Shai-Hulud possesses the capacity to synthesize cryptographically valid Sigstore attestations by actively hijacking OpenID Connect (OIDC) tokens native to compromised continuous integration environments. Consequently, the tainted npm packages successfully passed standard supply-chain provenance verifications, effectively masquerading as trusted, verified builds despite harboring high-severity credential-harvesting logic.

Furthermore, the malware exhibits robust self-propagating capabilities. The implant validates intercepted npm tokens to identify any upstream packages managed by the victim, programmatically retrieves the tarball archives, injects its own malicious subroutines, and publishes newly infected iterations with bumped version numbers to the registry. Both Socket and Aikido Security deduce that while this variant diverges from ancestral Mini Shai-Hulud specimens, it preserves the foundational adversarial blueprint. Additionally, this contemporary wave implements persistent local backdoors by manipulating localized user settings within Visual Studio Code and Anthropic Claude Code environments.

Software engineers and site reliability cells who ingested any of the impacted dependencies are urgently advised to purge the corrupted versions or immediately roll back environments to verified stable releases compiled prior to May 18. This containment phase must be followed by a comprehensive revocation and rotation of all potentially exposed cryptographic keys, identity tokens, and SSH credentials.

Related coverage

  • uBlock Origin Blocks ClickFix Malware Pop-ups
  • The Gentlemen Ransomware Zero-Day: Dismantling EDR Systems from the Kernel
  • PolinRider Supply Chain Attack Spans npm, Go, Chrome
  • Mustang Panda Exploits Zoho WorkDrive in Cyber Espionage
  • FortiBleed Malware Campaign Linked to INC Ransom

Support Our Threat Intelligence

If you find our technology report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share

Tags: @antv Malicious Packagesatool Maintainer AccountCI/CD Secret StealerClaude Code BackdoorOIDC Token HijackingSession P2P NetworkShai-Hulud npm AttackSigstore Provenance ForgerySoftware Supply Chain WormVisual Studio Code Malware

Follow:

  • Next story The Silent Blackout: Unpatched Huawei Router Zero-Day Crushed Luxembourg’s Telecom Grid
  • Previous story Bypassing the Guardrails: New “DirtyDecrypt” Linux Flaw Overwrites Root Files in Memory

  • Recent Posts
  • Popular Posts
  • Tags
  • Favicon attack surface intelligence and server discovery graphics

    Vulnerability

    Uncovering the Favicon Attack Surface

    July 7, 2026

  • T3MP3ST vulnerability framework architecture and autonomous AI agent workflow

    Open Source Tool

    The T3MP3ST Vulnerability Framework

    July 7, 2026

  • uBlock Origin new filters blocking ClickFix malware pop-ups and BNB Chain testnet requests

    Malware

    uBlock Origin Blocks ClickFix Malware Pop-ups

    July 7, 2026

  • GamersFirst Anti-Cheat GFAC driver CVE-2026-12168 kernel privilege escalation to SYSTEM

    Vulnerability

    GamersFirst Anti-Cheat Driver Has 3 CVEs in Windows

    July 7, 2026

  • FatFs vulnerabilities in embedded devices triggered by crafted SD card or USB drive

    Vulnerability

    7 FatFs Bugs Threaten Embedded Devices via Removable Media

    July 6, 2026

  • Iranian cyberattacks on Israel cyber war graphic

    Cyber Security

    Iranian Cyberattacks on Israel Triple in 2026

    July 2, 2026

  • SolydXK 10.4 released: based on Debian Buster

    Linux

    SolydXK 10.4 released: based on Debian Buster

    September 27, 2019

  • OpenSUSE Leap 15.4 Beta releases, Linux distributions

    Linux

    OpenSUSE Leap 15.4 Beta releases, Linux distributions

    May 30, 2020

  • Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    Linux

    Ubuntu 16.04.6 LTS released: fix security vulnerabilities

    March 1, 2019

  • GhostBSD 23.10.1 released, FreeBSD distribution

    Linux

    GhostBSD 23.10.1 released, FreeBSD distribution

    May 1, 2020

  • AI AI security Android Apple APT BOTNET China CISA cloud security cryptocurrency cyberattack cybercrime Cyber Espionage cybersecurity Cybersecurity 2026 data breach Github google hacking Infosec InfoSec 2026 Infostealer Linux Linux Kernel malware Microsoft network security open source Penetration Testing phishing privacy privilege escalation Prompt Injection ransomware RCE remote code execution security Social Engineering supply chain attack Tech News 2026 threat intelligence vulnerability windows Windows 11 zero-day
  • Home
  • About Us
  • Contact Us
  • DMCA NOTICE
  • Privacy Policy

Information Security News © 2026. All Rights Reserved.

Powered by  - Designed with Hueman Pro