Shai-Hulud 2.0 Supply Chain Attack Hits Thousands
News Desk

The Shai-Hulud 2.0 campaign, referred to by its operators as The Second Coming, is one of the largest and fastest npm supply chain attacks in recent years. Between 21 and 23 November 2025, attackers compromised hundreds of npm packages and over 25,000 GitHub repositories in just a few hours.

Rather than relying on a user to run anything, the campaign abuses npm's preinstall lifecycle script: npm executes that hook automatically as soon as the package is fetched, so the malicious code runs before the install completes, and it has already run even if the install subsequently fails.

Check Point researchers revealed that the attack exposed multi-cloud and developer credentials at significant scale. Out of roughly 20,000 repositories analyzed:

  • 775 GitHub access tokens were exposed
  • 373 AWS, 300 GCP, and 115 Azure credentials were leaked
  • Many duplicates were recorded, but a substantial number of valid secrets remained

The first Shai-Hulud attack appeared in September 2025, compromising npm libraries and stealing around $50 million in cryptocurrency. The latest wave, from 21–23 November, introduced expanded payloads, broader automation, and new propagation methods. Security vendors began publishing alerts on 24 November.

Infection starts with compromised versions of trusted npm packages or lookalike packages. When one is installed, the payload executes during the preinstall step, giving the attackers a foothold in the developer's workstation or build environment before the dependency is even usable. The payload has two parts: setup_bun.js, which installs the Bun runtime, and bun_environment.js, which carries the core malicious logic and is run under Bun. Executing under Bun rather than Node.js helps the payload slip past security tooling that only inspects Node.js processes.

Once running, the malware harvests environment variables, SSH keys, GitHub and npm tokens, and cloud credentials, and writes them into structured JSON files. Instead of beaconing to attacker-run servers, it exfiltrates the data through GitHub itself, using the stolen GitHub tokens to create public repositories labeled Sha1-Hulud: The Second Coming, so there is no separate command-and-control server for defenders to block.

Persistence is established through self-hosted GitHub runners: rogue workflow files committed to the victim's repositories give the attackers a way back in long after the initial package is removed, and a destructive failsafe can wipe the victim's local files if the malware detects that it is being contained. The stolen npm and GitHub tokens are also used to publish further malicious packages and repositories, so each compromised maintainer account seeds the next round of infections across the JavaScript ecosystem.

In total the campaign left 621 infected npm packages, roughly 25,000 compromised repositories across 487 GitHub organizations, and 14,206 leaked secrets, 2,485 of which were still valid when they were checked. The exposed material included GitHub and npm tokens, SSH keys, cloud credentials, and CI/CD secrets.

Affected organizations are advised to audit dependency manifests and lockfiles for the compromised packages, remove them, clear local npm caches so a cached copy cannot be reinstalled, rotate every secret that was reachable from an affected machine or pipeline, inspect self-hosted GitHub runners, and delete workflow files they did not author. Longer term, the recommended measures are enforcing MFA on GitHub and npm accounts, monitoring for unexpected repositories appearing under organization and user accounts, applying SBOM-based scanning of dependencies, and tightening CI/CD isolation and secret-handling policies.

“Shai-Hulud 2.0 is a highly coordinated supply chain attack with an unusually aggressive execution chain,” said Adi Bleih, Security Researcher, External Risk Management, Check Point Software Technologies. “By activating before installation completes and exfiltrating secrets into attacker-controlled GitHub repositories, the operators gained rapid access to significant volumes of cloud and developer credentials. Organizations should act immediately by auditing dependencies, rotating all potentially exposed secrets, and securing their build pipelines.”