Full Report
The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "
Analysis Summary
# Tool/Technique: Shai-Hulud v2 (Supply Chain Compromise)
## Overview
Shai-Hulud v2 is the second wave of a sophisticated supply chain attack that has expanded its reach from the npm registry to the Maven ecosystem. Its primary purpose is to harvest sensitive data (API keys, cloud credentials, npm/GitHub tokens) from compromised developer machines and propagate malicious payloads across the software supply chain.
## Technical Details
- Type: Malware Family / Supply Chain Attack
- Platform: JavaScript/npm ecosystem and Java/Maven ecosystem (targeting developer environments running these tools).
- Capabilities: Data exfiltration, credential harvesting, self-replication/worm-like spread, evasion using the Bun runtime, lateral movement via GitHub Actions abuse.
- First Seen: The second wave ("v2") is described in November 2025 analysis, building upon an initial September variant.
## MITRE ATT&CK Mapping
*This analysis infers likely mappings based on described behavior, as specific technique IDs were not explicitly provided in the context.*
- **TA0001 - Initial Access**
- T1189 - Drive-by Compromise (Implicitly, through package installation)
- **TA0006 - Credential Access**
- T1552 - Unsecured Credentials
- T1552.001 - Credentials in Files
- **TA0010 - Exfiltration**
- T1041 - Exfiltration Over C2 Channel
- **TA0002 - Execution**
- T1204.002 - User Execution: Malicious File
- **TA0003 - Persistence**
- T1547.001 - Registry Run Keys / Startup Folder (Inferred by persistence mechanisms)
- **TA0005 - Defense Evasion**
- T1027 - Obfuscated Files or Information (Use of Bun runtime to hide logic)
- **TA0011 - Command and Control**
- T1071 - Application Layer Protocol (Exfiltration over GitHub/Git)
## Functionality
### Core Capabilities
- **Supply Chain Compromise:** Exploiting package registries (npm, Maven Central) by publishing trojanized packages exceeding 830 compromised packages in Maven alone.
- **Secret Harvesting:** Scanning infected systems for sensitive data such as API keys, cloud credentials, and tokens (npm, GitHub).
- **Data Exfiltration:** Sending harvested secrets to randomly named public GitHub repositories.
- **Self-Replication/Worm-like Behavior:** Leveraging compromised maintainer accounts to publish the malicious package further, amplifying impact (infection cap raised from 20 to 100 packages).
### Advanced Features
- **Bun Runtime Utilization:** Using the Bun JavaScript runtime to execute and hide the core malicious logic, enhancing stealth.
- **GitHub Actions Abuse:** Injecting rogue CI/CD workflows into compromised repositories:
1. One workflow registers the victim machine as a self-hosted runner, enabling arbitrary command execution when a GitHub Discussion is opened.
2. A second workflow systematically harvests secrets.
- **Exploitation of CI Misconfigurations:** Targeting vulnerable GitHub Actions workflows, specifically leveraging the `pull_request_target` trigger to execute supplied code during CI runs.
## Indicators of Compromise
*Note: Specific hashes, networks, and definitive file paths are not provided in the context, but component names are.*
- File Hashes: [Not specified in context]
- File Names: `"setup_bun.js"` (Loader), `"bun_environment.js"` (Main Payload)
- Registry Keys: [Not specified in context]
- Network Indicators: Exfiltration targets are **randomly named public GitHub repositories** (defanged example: `random-repo-name[.]github[.]io`).
- Behavioral Indicators: Execution of JavaScript/Bun components upon package installation/usage; creation of self-hosted GitHub runners; creation of unauthorized GitHub workflows targeting `pull_request_target` or `workflow_run`.
## Associated Threat Actors
- Unnamed threat actors associated with the "Shai-Hulud" campaign.
## Detection Methods
- Signature-based detection: Signatures could target the specific file names (`setup_bun.js`, `bun_environment.js`) or the coordinates of known compromised artifacts (e.g., `org.mvnpm:posthog-node:4.18.1`).
- Behavioral detection: Monitoring for unusual process execution involving the `bun` runtime outside of expected development environments, or unauthorized modification/creation of GitHub Actions workflows in repositories.
- YARA rules: Could be developed based on static strings or obfuscated code patterns within the `.js` payload files.
## Mitigation Strategies
- **Supply Chain Hardening:** Package consumers must verify artifacts, especially those generated via automated processes (like `mvnpm`).
- **CI/CD Security:** Review and restrict permissions for CI workflow triggers, particularly the usage of the `pull_request_target` event, and avoid self-hosting runners unless absolutely necessary and validated.
- **Credential Management:** Limit the scope and lifetime of secrets stored in CI/CD systems, using short-lived tokens where possible. Developers should audit local environments for exposed tokens.
- **Registry Protection:** Maven Central is working to implement protections to prevent known compromised npm components from being rebundled.
## Related Tools/Techniques
- Other supply chain attacks targeting open-source repositories (e.g., dependency confusion, typosquatting, account takeover).
- Attacks leveraging software build systems or CI/CD pipelines for execution (like SolarWinds or dependency confusion variants).