
Shai-Hulud Worm Clones Spread After Code Release
The release of Shai-Hulud source code spells trouble for software developers as researchers worry the self-replicating worm could scale.
Alexander Culafi, Senior News Writer, Dark Reading
May 18, 2026

TeamPCP published Shai-Hulud source code to GitHub last week, and the infamous worm already shows signs of spreading. TeamPCP is a financially motivated threat actor that has long been assessed as a key, if not the key, culprit behind the Shai-Hulud self-replicating worm attacks, as well as various successor worms.

Shai-Hulud, named after the sandworms from the popular science fiction novel Dune, is a self-replicating malware worm that began infecting Node package manager (npm) packages last summer.
A developer would download an open source software component that has been poisoned by the malware, the malware would infect that developer with an infostealer, and then the malware would use the developer's compromised npm accounts to publish poisoned dependencies of whatever packages that developer maintains — all without threat actor interference. The cycle would then repeat.

Shai-Hulud and similar worms have made a mess out of the open source development ecosystem in recent months, but despite a tidal wave of threat campaigns targeting developers, defenders acted quickly and the damage thus far has been somewhat limited.

With that in mind, we may be entering a new world of Shai-Hulud-based threats, as TeamPCP invited other threat actors to use the code in attacks. A Datadog blog post noted that GitHub removed the original May 12 repository, though follow-on forks persisted.

Shai-Hulud Clones Infest npm

In a research blog post published today, Patrick Münch, chief security officer (CSO) of vulnerability management vendor Mondoo, said a threat actor "uploaded four malicious packages from one [npm] account: a near-verbatim copy of Shai-Hulud with its own command-and-control infrastructure, three Axios typosquats, and a distributed denial of service (DDoS) botnet payload that conscripts infected machines into a flooding network."

Although the weekly downloads for all four packages combined total only about 2,600, Münch argued that the real story is that they show a new frontier for software supply chain attacks. More specifically, Shai-Hulud is a prototype for "a new paradigm of automated supply chain attack that weaponizes developer identity and the implicit trust baked into modern CI/CD pipelines." With Shai-Hulud, typosquatting is only the first stage. A successful Shai-Hulud variant spreads by compromising developer accounts and updating trusted packages with malware.
Münch said a wave of worms like this could disrupt the innate trust in these open source ecosystems that developers across the world rely on.

Adrian Culley, senior sales engineer at SafeBreach, tells Dark Reading that the Shai-Hulud release is less about bravado and more about TeamPCP running a marketing campaign for an access broker business. The malware's command-and-control (C2), for example, is by default attached to TeamPCP's infrastructure.

"The open source drop launders attribution behind a wave of copycats, the BreachForums contest is loss-leader pricing to recruit unpaid distribution, and every C2 those contestants stand up still feeds credentials into TeamPCP's monetization pipeline," he says. "The point isn't the worm. The point is to overwhelm defenders while the credentials walk out the back door."

Additionally, Münch notes to Dark Reading that while the practice of open sourcing malware might seem unusual, once a toolset is documented by defenders, Shai-Hulud's use as a private weapon is over. Releasing the source code buys them noise (attribution is much harder), damage to the open source supply chain, reputation, and recruitment. The CSO observes that TeamPCP's Telegram channel grew from 700 to nearly 1,200 over the course of this campaign, and it just announced a new "CipherForce" affiliate program which may well benefit from the new attention.

"The historical parallel is Mirai in 2016," Münch says. "The author leaked the source code right as law enforcement closed in. The result wasn't that Mirai disappeared, it became the template for years of IoT botnets. TeamPCP appears to be running the same playbook for the CI/CD supply chain."

Troubling Implications for Future Worms

This ties into what Münch called the most "uncomfortable detail" about the clones: attackers can apparently swap out the C2 and signing key without much consequence.
"The headline clone, published as chalk-tempalte (a typosquat of the popular chalk-template package), is an almost direct copy of the leaked Shai-Hulud source," he wrote. "The attacker swapped in their own C2 endpoint and their own signing key, did not bother with obfuscation, and shipped it. And it worked."

The infostealers on the back end varied between the four packages. One looked identical to the Shai-Hulud open source version, while the other three varied in capabilities. The reason this matters, Mondoo highlighted, is that the various infostealers appear to be "machine-assembled." Thus, an attacker can spin up multiple payloads and run four different malware packages simultaneously with little effort.

As Culley puts it, defenders were able to beat Shai-Hulud last year because they were chasing one worm at a time. "From here they're chasing a population — variants with different C2, different keys, different payloads, sharing enough DNA to be dangerous but not enough to share signatures."

According to Mondoo's blog post, turning on three controls in a package manager should neutralize the threat of Shai-Hulud and these clones. Developers should block life cycle scripts by default, enforce a release cooldown, and detect trust downgrades.

"Beyond the package manager, treat your CI/CD pipeline as an attack surface, not a deployment mechanism," Münch wrote. "Audit which dependencies actually need install-time code execution and document why. Rotate any credentials that have been on developer workstations or CI runners that touched the affected packages. And do not assume that because the four packages flagged this week have low download counts, your environment is unaffected. The same techniques are being applied right now by actors who have not been caught yet."

About the Author

Alexander Culafi, Senior News Writer, Dark Reading

Alex is an award-winning writer, journalist, and podcast host based in Boston.
After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. At Dark Reading, he covers a variety of cybersecurity topics, including the cybercrime ecosystem, open source security, and the intersection between AI and threat actors. In his spare time, Alex hosts the weekly Nintendo podcast, "Talk Nintendo Podcast," and works on personal writing projects, including two previously self-published science fiction novels. He has received numerous awards, including TechTarget's Writer of the Year in 2022 as well as more than 10 Azbee awards for his reporting between 2022 and today.
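The three package-manager controls the article quotes from Mondoo (block life cycle scripts by default, enforce a release cooldown, detect trust downgrades) are easiest to reason about as a single pre-install gate. What follows is an added example written for this page; it is not code from the article, from Dark Reading, from Mondoo or from npm. It assumes registry documents shaped like the public npm registry's package endpoint (`time`, `versions`, `dist.attestations`, `_npmUser`), and the package `example-colorizer`, its versions and the `install-hook.js` script name are all constructed for the demonstration.

```javascript
// Added example (not from the article, Dark Reading or Mondoo): a CI gate
// that applies the three package-manager controls the article lists to a
// package's registry metadata before it is installed.
// Assumption: the document shape mirrors the public npm registry
// (`time`, `versions[v].scripts`, `versions[v].dist.attestations`,
// `versions[v]._npmUser`). The sample package below is constructed.

const DAY_MS = 24 * 60 * 60 * 1000;
const LIFECYCLE_HOOKS = ['preinstall', 'install', 'postinstall', 'prepare'];

// Provenance attestations are attached when a version is published from a
// CI workflow; a stolen publish token alone does not reproduce them, so a
// release that drops them is a trust downgrade worth alerting on.
function hasProvenance(versionDoc) {
  const att = versionDoc.dist && versionDoc.dist.attestations;
  return Boolean(att && att.provenance);
}

// Publication order comes from the registry's `time` map rather than from
// semver, so a back-dated "patch" release still compares against the
// version that was actually published just before it.
function versionsByPublishTime(meta) {
  return Object.entries(meta.time)
    .filter(([key]) => key !== 'created' && key !== 'modified')
    .sort((a, b) => Date.parse(a[1]) - Date.parse(b[1]))
    .map(([version]) => version);
}

// Returns a list of findings; an empty list means the version passes.
function auditVersion(meta, wanted, nowMs, cooldownDays = 7) {
  const findings = [];
  const doc = meta.versions[wanted];
  if (!doc) {
    return [{ rule: 'unknown-version', detail: `${meta.name}@${wanted} is not in the registry document` }];
  }

  // Control 1: install-time code execution is the worm's entry point.
  for (const hook of LIFECYCLE_HOOKS) {
    if (doc.scripts && doc.scripts[hook]) {
      findings.push({ rule: 'lifecycle-script', detail: `${hook}: ${doc.scripts[hook]}` });
    }
  }

  // Control 2: a worm publishes minutes after stealing a token; a cooldown
  // gives the ecosystem time to pull the release before anyone installs it.
  const ageDays = (nowMs - Date.parse(meta.time[wanted])) / DAY_MS;
  if (ageDays < cooldownDays) {
    findings.push({ rule: 'release-cooldown', detail: `published ${ageDays.toFixed(1)} days ago, below the ${cooldownDays}-day cooldown` });
  }

  // Control 3: compare against the release published immediately before.
  const order = versionsByPublishTime(meta);
  const prev = order[order.indexOf(wanted) - 1];
  if (prev) {
    const prevDoc = meta.versions[prev];
    if (hasProvenance(prevDoc) && !hasProvenance(doc)) {
      findings.push({ rule: 'trust-downgrade', detail: `${prev} carried a provenance attestation, ${wanted} does not` });
    }
    const prevUser = prevDoc._npmUser && prevDoc._npmUser.name;
    const user = doc._npmUser && doc._npmUser.name;
    if (prevUser && user && prevUser !== user) {
      findings.push({ rule: 'publisher-change', detail: `${prev} published by ${prevUser}, ${wanted} by ${user}` });
    }
  }
  return findings;
}

// Constructed registry document for a fictional package: 1.0.0 is a normal
// CI release, 1.0.1 was pushed two days ago without provenance and gained a
// postinstall hook, the pattern a token-stealing worm leaves behind.
const SAMPLE_META = {
  name: 'example-colorizer',
  time: {
    created: '2026-04-01T10:00:00.000Z',
    '1.0.0': '2026-04-01T10:00:00.000Z',
    '1.0.1': '2026-05-16T03:12:00.000Z',
    modified: '2026-05-16T03:12:00.000Z',
  },
  versions: {
    '1.0.0': {
      scripts: { test: 'node test.js' },
      _npmUser: { name: 'maintainer-a' },
      dist: { attestations: { url: 'https://registry.example/attestations', provenance: { predicateType: 'https://slsa.dev/provenance/v1' } } },
    },
    '1.0.1': {
      scripts: { test: 'node test.js', postinstall: 'node install-hook.js' },
      _npmUser: { name: 'maintainer-a' },
      dist: {},
    },
  },
};

const NOW_MS = Date.parse('2026-05-18T00:00:00.000Z');

function auditSample() {
  return auditVersion(SAMPLE_META, '1.0.1', NOW_MS);
}

console.log(JSON.stringify(auditSample(), null, 2));
```

In a real pipeline the metadata comes from the registry's package endpoint and the gate runs before `npm install`; with a non-empty finding list the job fails and a human reviews the version. The first check is the same policy that npm's `ignore-scripts` setting enforces globally, but a gate like this tells you which dependency wanted install-time execution so the "audit and document why" step Münch describes has something to work from.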
📰Originally published at darkreading.com