Supply Chain Worm Prowls npm to Steal Hundreds of Secrets

By Team-CWD, September 19, 2025
For the third time in just a few weeks, experts are warning of a significant threat to the open source npm ecosystem, after discovering a first-of-its-kind worm designed to steal secrets.

On Monday, malicious versions of various popular npm packages with millions of combined weekly downloads started appearing, according to ReversingLabs. The firm said yesterday that it had observed at least 700 GitHub repositories impacted by the campaign.

The malware itself (3MB+ of JavaScript) has been dubbed “Shai-Hulud” – the name of the giant sandworms in the movie Dune.

“After an npm developer account is compromised, the worm looks for other packages the developer maintains. It then creates a new version of each of those packages by injecting itself into them,” explained ReversingLabs.

“Each newly created package is modified with a postinstall action that will execute the malicious bundle.js when an unsuspecting user downloads the compromised package. This is repeated in perpetuity as the worm finds new developers to infect, and then uses them to spread even further.”

Packages published by compromised npm accounts are automatically updated with the malicious bundle.js file to accelerate the worm’s spread, the vendor added.

The bundle.js script is designed to steal npm, GitHub, AWS and GCP tokens. But it also installs TruffleHog – an open source tool that can detect as many as 800 secrets.

If it finds GitHub tokens, the worm will create a new public GitHub repository with the name “Shai-Hulud” and dump the victim’s secrets there.

It will also push a new GitHub Actions workflow to all accessible repositories.

“The GitHub action has a runnable action triggering on the PUSH event that is designed to exfiltrate the tokens accessible from the workflow environment to the url hxxps://webhook.site/bb8ca5f6-4175-45d2-b042-fc9ebb8170b7. This data is also double Base64-encoded,” said ReversingLabs.

Yet another piece of malicious Shai-Hulud functionality is to migrate private GitHub repositories belonging to a compromised GitHub account to publicly accessible ones.

“This is likely an attempt to gain access to secrets hardcoded in those repositories, and possibly to steal the source code they contain,” the report continued.

“That stolen code can be analyzed for vulnerabilities that can be used in later attacks on the software.”

ReversingLabs said it had seen 700 victims’ private repos exposed in this way.

Links to S1ngularity

Several security vendors have linked the campaign to a similar one which targeted the authors of a popular package called “Nx.”

“Based on victimology, Wiz Research assesses this activity is tied to the recent s1ngularity / Nx supply chain attack, where initial GitHub token theft enabled the broader chain of compromise and leaking of formerly private repositories,” claimed Wiz.

“The initial npm packages that started this chain reaction included multiple known-compromised victims of the s1ngularity attack.”

JFrog warned anyone who has installed a package compromised by Shai-Hulud to assume their secrets have been exfiltrated.

It urged them to rotate any access tokens that were stored on an affected machine which:

  • Were issued by one of the following providers – GitHub, npm, AWS, GCP, Azure
  • Can be identified by TruffleHog
