Full Report
Where it’s been well and truly forked, seemingly without Microsoft’s code locker noticing
Analysis Summary
# Tool/Technique: Shai-Hulud Worm
## Overview
Shai-Hulud is a self-propagating worm developed by the threat group "TeamPCP." Primarily targeting the software supply chain through npm packages, the malware is designed to harvest cloud and version control credentials. In May 2026, the group officially open-sourced the malware on GitHub under the MIT License, leading to a surge in forks and community-driven variants, including cross-platform adaptations.
## Technical Details
- **Type:** Worm / Credential Stealer
- **Platform:** Cross-platform (Windows, Linux, and recently FreeBSD)
- **Capabilities:** Credential harvesting, supply chain poisoning, environment wiping (destructive)
- **First Seen:** September 2025
## MITRE ATT&CK Mapping
- **[TA0001 - Initial Access]**
- [T1195.001 - Supply Chain Compromise: Compromise Software Dependencies and Development Tools]
- **[TA0006 - Credential Access]**
- [T1552 - Unsecured Credentials]
- [T1555 - Credentials from Password Stores]
- **[TA0003 - Persistence]**
- [T1574.006 - Hijack Execution Flow: Dynamic Linker Hijacking]
- **[TA0040 - Impact]**
- [T1485 - Data Destruction]
## Functionality
### Core Capabilities
- **Credential Harvesting:** Specifically targets credentials for AWS, Google Cloud Platform (GCP), Microsoft Azure, and GitHub stored on the local system.
- **npm Package Infection:** Scans for local npm packages and injects malicious code to facilitate further propagation.
- **Auto-Propagation:** Automatically creates and publishes "poisoned" code to registries to compromise downstream users.
- **Exfiltration via GitHub:** Uses GitHub repositories as a destination for uploading stolen credentials and staging exfiltrated data.
### Advanced Features
- **Destructive "Vengeance" Logic:** If the malware fails to achieve its primary objective (credential theft or propagation), it triggers a routine to wipe the local environment.
- **Open Source Adaptability:** The codebase is designed for modularity; recent community pull requests have added support for FreeBSD.
## Indicators of Compromise
- **File Hashes:** *(Note: Specific cryptographic hashes were not provided in the source article. Analysts should look for high-entropy scripts within npm modules.)*
- **File Names:** Look for files associated with `TeamPCP`, `agwagwagwa`, or repositories containing "Shai-Hulud".
- **Network Indicators:**
- `github[.]com/TeamPCP/` (and associated forks)
- `github[.]com/agwagwagwa/`
- **Behavioral Indicators:**
- Unexpected outbound connections to GitHub from automated build environments.
- Unauthorized `npm publish` events.
- Bulk deletion of files following a failed process execution (Impact/Destruction).
## Associated Threat Actors
- **TeamPCP:** The original authors, known for "cat-themed" branding and "vibe-coded" messaging.
- **agwagwagwa:** A suspected member or high-tier collaborator who ported the worm to FreeBSD.
## Detection Methods
- **Signature-based detection:** Scanning for specific strings such as "Shai-Hulud: Open Sourcing The Carnage" or "Is it vibe coded?".
- **Behavioral detection:** Monitoring for sensitive cloud credential file access (e.g., `~/.aws/credentials`, `~/.config/gcloud`) by unauthorized processes, specifically npm or Node.js.
- **Supply Chain Auditing:** Using tools to detect unauthorized changes in `package.json` or post-install scripts.
## Mitigation Strategies
- **Secrets Management:** Use short-lived credentials or OIDC (OpenID Connect) for CI/CD pipelines instead of long-lived static keys.
- **Dependency Pinning:** Use lock files (`package-lock.json`) and audit them regularly for suspicious modifications.
- **Pre-publish Hooks:** Implement security scans that prevent the publishing of packages if they contain unauthorized code or high-risk patterns.
- **Egress Filtering:** Restrict build server access to only necessary external endpoints and monitor data volume sent to GitHub/GitLab.
## Related Tools/Techniques
- **CrateDepression:** Similar supply chain attack targeting Rust developers.
- **Dependency Confusion:** A broader technique used by Shai-Hulud to infiltrate dev environments.
- **Protestware:** Malware that includes destructive logic based on specific triggers (similar to Shai-Hulud's "vengeance" wipe).