NPM Ecosystem Under Siege: Self-Propagating Malware Compromises 187 Packages in a Huge Supply Chain Attack

Last updated: September 16, 2025 – 11:45 AM ET

The NPM ecosystem has been rocked by one of its widest supply chain attacks to date, with over 187 popular packages compromised by advanced malware capable of self-propagation and automated credential harvesting. This attack, affecting packages with millions of weekly downloads including angulartics2, ngx-toastr, and @ctrl/tinycolor, demonstrates how cybercriminals are evolving their tactics to create “worm-like” malware that can autonomously spread across the software supply chain. This blog provides a comprehensive analysis of the attack methodology, the malicious payload’s technical capabilities, and the IOCs associated with this unprecedented supply chain compromise.

Mend.io has done an internal audit of our development environment and products and can confirm we are not impacted by this zero day event.

NPM supply chain breach overview

The attack began with a coordinated compromise of multiple package maintainer accounts across different organizations. Attackers successfully infiltrated the accounts of the maintainers, allowing them to inject malicious code into their packages. 

What makes this attack particularly dangerous is the malware’s ability to self-propagate through the npm ecosystem, automatically modifying package.json files and republishing trojanized versions using legitimate maintainer credentials.

Attack surface expansion through automation

Unlike traditional supply chain attacks that require manual intervention, this malware operates as a true “worm” with automated propagation capabilities. The malicious code scans for npm projects within compromised environments, automatically modifies their dependencies, and republishes them with embedded malware, creating an exponential growth pattern that can rapidly compromise entire software ecosystems.

Malware analysis

The payload is designed to operate across multiple environments including developer workstations, CI/CD pipelines, and production servers, maximizing its potential for credential discovery and exfiltration.

Initial execution and persistence

The malware executes through npm package lifecycle hooks, typically during package installation or update processes. 

Multi-stage credential harvesting

The malware operates through several coordinated stages, each designed to maximize credential discovery while maintaining stealth across different environment types.

Stage 1: Environment reconnaissance and TruffleHog deployment

The malware begins by downloading and executing TruffleHog, a legitimate open-source credential scanning tool, to systematically search for exposed secrets across the compromised system.

Stage 2: Cloud metadata endpoint exploitation

The malware specifically targets cloud environment metadata endpoints to extract cloud service credentials and instance information.

Stage 3: GitHub repository manipulation

The malware creates “Shai-Hulud” repositories under compromised GitHub accounts to store and organize stolen credentials, making them easily accessible to attackers.

Advanced propagation mechanism

Perhaps the most concerning aspect of this malware is its self-propagating capabilities, which allow it to spread autonomously across npm packages without human intervention.

Automated package modification

The malware scans for package.json files within compromised environments and automatically modifies them to include malicious dependencies or lifecycle hooks.

GitHub Actions exploitation

The malware leverages GitHub Actions to automate credential exfiltration and maintain persistence across repository updates.

Impact and ecosystem implications

This npm supply chain attack represents a significant evolution in threat actor capabilities and poses unprecedented risks to the software development ecosystem:

Exponential propagation potential

The worm-like behavior enables exponential growth across the npm ecosystem. Each compromised package can potentially compromise multiple downstream packages, creating a cascade effect that can impact thousands of projects within hours.

Developer-focused targeting

By specifically targeting developer environments, the attack compromises individuals who often have elevated privileges and access to multiple systems, repositories, and cloud environments. maximizing the potential impact per infection.

Automated credential harvesting at scale

The integration of TruffleHog enables systematic credential discovery across entire development environments, potentially exposing:

• GitHub personal access tokens
• Cloud service credentials (AWS, GCP, Azure)
• Database connection strings
• API keys and authentication tokens
• SSH private keys and certificates

CI/CD pipeline contamination

The malware’s ability to modify package.json files and republish packages means it can contaminate CI/CD pipelines, potentially affecting production deployments and creating persistent backdoors in deployed applications.

Attribution and threat landscape

The attack demonstrates characteristics consistent with those of the S1ngularity/nx threat group, known for its previous sophisticated npm supply chain attacks. The use of the “Shai-Hulud” repository naming convention matches previous attack patterns, suggesting continued activity from this threat actor.

Attack sophistication indicators

• Advanced automation capabilities
• Multi-stage payload design
• Cloud-native environment awareness
• GitHub Actions integration
• Self-propagating worm behavior

Conclusion

The sophisticated self-propagating malware analyzed in this attack represents a significant escalation in supply chain threat capabilities. By combining automated propagation, comprehensive credential harvesting, and cloud-native environment exploitation, this malware demonstrates how threat actors are adapting to modern development practices and infrastructure.

This incident highlights the critical importance of supply chain security and the need for comprehensive security measures across the entire software development lifecycle. As package ecosystems continue to grow and development practices become increasingly cloud-native, we can expect to see more sophisticated attacks targeting these foundational elements of modern software development.

Mitigation recommendations

To protect against similar supply chain attacks and automated credential harvesting, developers and organizations should implement:

Supply chain security measures

• Use package lock files to prevent unexpected version updates
• Implement private npm registries for critical applications
• Regularly audit and rotate maintainer access credentials
• Enable branch protection rules requiring pull request reviews
• Implement mandatory security scanning for all commits
• Monitor for unexpected repository creation or visibility changes

As supply chain attacks become more automated and sophisticated, proactive security measures and comprehensive monitoring become essential. The npm ecosystem’s massive scale and the development community’s reliance on third-party packages make this attack vector particularly attractive to cybercriminals, requiring enhanced vigilance and security investment from the entire software development community.

**We at Mend.io will continue tracking the situation and updating this blog once new information will become available

Affected packages

The following packages were confirmed to be compromised in this attack. Organizations should immediately audit their dependencies for these packages and versions.