Full Report
Mini Shai-Hulud caught spreading credential-stealing malware The wave of supply chain attacks aimed at security and developer tools has washed up more victims, namely SAP and Intercom npm packages, plus the lightning PyPI package.…
Analysis Summary
# Tool/Technique: Mini Shai-Hulud
## Overview
Mini Shai-Hulud is a sophisticated credential-stealing malware and self-propagating framework used in supply chain attacks. It targets developer environments and CI/CD pipelines by poisoning popular packages in the npm and PyPI ecosystems. The malware is designed to automate the theft of sensitive secrets and propagate itself into new repositories and package distributions.
## Technical Details
- **Type:** Malware Family (Worm/Credential Stealer)
- **Platform:** Cross-platform (JavaScript/Node.js and Python environments)
- **Capabilities:** Credential theft, GitHub/CI-CD secret extraction, self-propagation, encryption, and exfiltration via GitHub.
- **First Seen:** April 2026 (Reported)
## MITRE ATT&CK Mapping
- **TA0001 - Initial Access**
- T1195.002 - Supply Chain Compromise: Compromise Software Dependencies and Development Tools
- **TA0002 - Execution**
- T1059.007 - Command and Scripting Interpreter: JavaScript
- T1059.006 - Command and Scripting Interpreter: Python
- **TA0006 - Credential Access**
- T1552 - Unsecured Credentials
- T1555 - Credentials from Web Browsers/Password Stores
- **TA0007 - Discovery**
- T1082 - System Information Discovery
- **TA0010 - Exfiltration**
- T1567.001 - Exfiltration Over Web Service: Exfiltration to Code Repository
## Functionality
### Core Capabilities
- **Automated Execution:** Utilizes "preinstall" scripts in npm `package.json` files or execution upon "import" in Python packages to run malicious code before the application logic.
- **Secret Harvesting:** Scans local environments and memory for GitHub tokens, npm credentials, Kubernetes tokens, and CI/CD secrets (GitHub Actions).
- **Cloud Credential Theft:** Aggressively targets environment variables and configuration files for AWS, Azure, and GCP secrets.
- **Exfiltration:** Encrypts stolen data and exfiltrates it by creating new repositories under the victim's own GitHub account to avoid detection by traditional network monitoring.
### Advanced Features
- **In-Memory Extraction:** Capable of extracting secrets directly from GitHub Actions runner memory.
- **Self-Propagation:** Includes logic to automatically infect other repositories and packages accessible from the compromised developer's local environment.
- **Obfuscation:** Uses advanced JavaScript obfuscation to evade static analysis tools.
## Indicators of Compromise
### Affected Packages
- **npm (SAP Ecosystem):**
- `[email protected]`
- `@cap-js/[email protected]`
- `@cap-js/[email protected]`
- `@cap-js/[email protected]`
- **npm (Intercom):**
- `[email protected]`, `7.0.5`
- **PyPI (AI/Deep Learning):**
- `[email protected]`, `2.6.3`
### Behavioral Indicators
- Creation of unauthorized public GitHub repositories under developer accounts.
- Unexpected outbound connections to `github[.]com` from CI/CD runners or internal build servers during the build phase.
- Presence of `router_runtime.js` within project directories or package scripts.
## Associated Threat Actors
- **TeamPCP:** A cybercrime group linked to multiple high-profile supply chain attacks targeting developer toolstacks.
## Detection Methods
- **Behavioral Detection:** Monitoring for the execution of unusual scripts (like `preinstall`) during dependency installation.
- **Log Analysis:** Reviewing GitHub audit logs for unexpected repository creation and secret access.
- **File Monitoring:** Scanning for obfuscated `router_runtime.js` or unexpected additions to `package.json` and `setup.py`.
## Mitigation Strategies
- **Pin Dependencies:** Use lockfiles (e.g., `package-lock.json`, `poetry.lock`) to ensure only verified versions of packages are installed.
- **Audit Scripts:** Disable the execution of lifecycle scripts during installation (`npm install --ignore-scripts`) when possible.
- **Environment Isolation:** Use ephemeral, isolated build environments with limited access to long-lived credentials.
- **Credential Rotation:** Regularly rotate cloud provider keys and GitHub fine-grained personal access tokens.
## Related Tools/Techniques
- **Shai-Hulud Worm:** The precursor malware upon which "Mini Shai-Hulud" is based.
- **Dependency Confusion/Typosquatting:** Similar methods for initial access through trust in package managers.