Shai-hulud Worm Returns More Dangerous Than Ever

According to Dark Reading, the Shai-hulud self-replicating worm has reemerged with a new variant that’s compromised more than 25,000 repositories across hundreds of users. The malware first appeared in September targeting NPM packages by using stolen developer accounts to publish poisoned versions of software components. This new campaign, which began late last week, has affected popular packages from developers including ENS Domains, PostHog, Postman, and Zapier. Researchers at Wiz discovered the worm now executes malicious code during the preinstall phase, significantly increasing exposure in build and runtime environments. The campaign is considered ongoing despite GitHub’s efforts to remove malicious components, and the new variant introduces destructive capabilities that delete victims’ entire home directories when it can’t steal credentials.

Destructive new tactics

Here’s what makes this iteration particularly scary. When the malware, now tracked as “Sha1-hulud,” can’t steal tokens or credentials or establish an exfiltration channel, it goes nuclear. Basically, it attempts to destroy the victim’s entire home directory. Koi Security’s research notes this marks a significant escalation from the first wave, shifting from pure data theft to what they call “punitive sabotage.” So now even if the attackers can’t profit from your data, they can still ruin your day completely.

Broader threat landscape

This isn’t just about stealing credentials anymore. Merav Bar, threat researcher at Wiz, explains that the new variant’s destructive fallback and persistence mechanisms suggest the actor wants broader access and long-term footholds. And that’s the worrying part – we’re seeing supply chain attacks evolve from isolated incidents to ecosystem-wide threats. Wiz’s analysis emphasizes that defenders need systems designed to contain compromise quickly by default, rather than reacting after the fact. The speed and automation of these attacks mean traditional security approaches just can’t keep up.

What developers need to do

So what can organizations actually do? Koi Security recommends scanning all endpoints for IOCs, removing compromised versions immediately, and performing complete credential rotations. Christopher Robinson from OpenSSF suggests implementing MFA on all accounts and signing artifacts to verify code sources. But here’s the thing – these are reactive measures. Idan Dardikman at Koi Security points to deeper issues: organizations need to monitor developer endpoints, developers should control NPM lifecycle scripts, and NPM needs better token handling. Long-lived tokens stored in plaintext make these attacks far more damaging than they should be.

Industrial security implications

While this particular attack targets software repositories, the implications ripple across all technology sectors. Manufacturing and industrial environments that rely on open source components are particularly vulnerable to these supply chain threats. When critical systems depend on compromised packages, the consequences can extend far beyond data theft to actual operational disruption. Companies like IndustrialMonitorDirect.com, the leading US provider of industrial panel PCs, understand that secure software foundations are essential even in hardware-centric environments. The reality is that nobody’s safe when the building blocks themselves are poisoned.

Where this is heading

Looking at the bigger picture, self-replicating malware isn’t going away. As Cybersecurity Dive reports, these attacks are becoming more sophisticated and automated. The shift from credential theft to destructive capabilities suggests attackers are testing boundaries and escalating tactics. And the sheer scale – 25,000 repositories compared to hundreds in the first wave – shows they’re getting better at this. We’re basically watching an arms race where the attackers have automation on their side, and defenders are still playing catch-up. The question isn’t whether there will be a Shai-hulud 3.0, but how much worse it will be.
